Re: [PATCH] virt-aa-helper: Fix permissions for vhost-user socket files

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 19 June 2015 at 21:30, Serge Hallyn <serge.hallyn@xxxxxxxxxx> wrote:
Quoting Michal Dubiel (md@xxxxxxxxxxxx):
> QEMU working in vhost-user mode communicates with the other end (i.e.
> some virtual router application) via unix domain sockets. This requires
> that permissions for the socket files are correctly written into
> /etc/apparmor.d/libvirt/libvirt-UUID.files.
>
> Signed-off-by: Michal Dubiel <md@xxxxxxxxxxxx>
> ---
>  src/security/virt-aa-helper.c | 24 +++++++++++++-----------
>  1 file changed, 13 insertions(+), 11 deletions(-)
>
> diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
> index 35423b5..a097aa6 100644
> --- a/src/security/virt-aa-helper.c
> +++ b/src/security/virt-aa-helper.c
> @@ -592,19 +592,9 @@ valid_path(const char *path, const bool readonly)
>
>      if (!virFileExists(path)) {
>          vah_warning(_("path does not exist, skipping file type checks"));
> -    } else {
> -        if (stat(path, &sb) == -1)
> +    } else if (stat(path, &sb) == -1)
>              return -1;

Hi,

Why keep this bit?  sb is not used later in the fn, and you
already know that access(2) didn't return ENOENT.

You are right, it is not needed. Thanks for pointing this out. I will update the patch accordingly. 

Regards,
Michal
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]