On Fri, 2015-08-21 at 11:01 +0200, Guido Günther wrote:
> Hi,
> On Thu, Aug 20, 2015 at 10:58:59AM -0700, Peter Kieser wrote:
> > Some UEFI firmwares may want to use a non-volatile memory to store some
> > variables.
> > If AppArmor is enabled, and NVRAM store file is set currently virt-aa-helper
> > does
> > not add the NVRAM store file to the template. Add this file for read/write
> > when
> > this functionality is defined in domain XML.
>
> I'm not an export on apparmor things but it makes sense to me.
> ACK
ACK from me too. Just pushed it.
--
Cedric
> Cheers,
> -- Guido
>
> >
> > Signed-off-by: Peter Kieser <peter@xxxxxxxxx>
> > ---
> > src/security/virt-aa-helper.c | 4 ++++
> > 1 file changed, 4 insertions(+)
> >
> > diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
> > index 4ce1e7a..2f93172 100644
> > --- a/src/security/virt-aa-helper.c
> > +++ b/src/security/virt-aa-helper.c
> > @@ -1047,6 +1047,10 @@ get_files(vahControl * ctl)
> > if (vah_add_file(&buf, ctl->def->os.loader->path, "r") != 0)
> > goto cleanup;
> >
> > + if (ctl->def->os.loader && ctl->def->os.loader->nvram)
> > + if (vah_add_file(&buf, ctl->def->os.loader->nvram, "rw") != 0)
> > + goto cleanup;
> > +
> > for (i = 0; i < ctl->def->ngraphics; i++) {
> > if (ctl->def->graphics[i]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
> > ctl->def->graphics[i]->data.vnc.socket &&
> >
> >
>
>
>
> > --
> > libvir-list mailing list
> > libvir-list@xxxxxxxxxx
> > https://www.redhat.com/mailman/listinfo/libvir-list
>
> --
> libvir-list mailing list
> libvir-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/libvir-list
>
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list