[PATCH 3/3] ask for no deny rule for readonly disk elements

Serge Hallyn <serge.hallyn@xxxxxxxxxx> · Fri, 11 Mar 2016 20:07:44 +0000

[ This depends on patch 2/3, so don't cherrypick just this one :) ]

Just because a disk element only requests read access doesn't mean
there may not be another readwrite request.

This fixes 'virsh blockcommit' which otherwise fails due to inability
to write to the basefile.

Signed-off-by: Serge Hallyn <serge.hallyn@xxxxxxxxxx>
---
 src/security/virt-aa-helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 34d08c8..2d05522 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -939,11 +939,11 @@ add_file_path(virDomainDiskDefPtr disk,
 
     if (depth == 0) {
         if (disk->src->readonly)
-            ret = vah_add_file(buf, path, "r");
+            ret = vah_add_file(buf, path, "R");
         else
             ret = vah_add_file(buf, path, "rw");
     } else {
-        ret = vah_add_file(buf, path, "r");
+        ret = vah_add_file(buf, path, "R");
     }
 
     if (ret != 0)
-- 
2.7.0

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list






