This came up in discussions around huge pages, but it will cover
more per guest paths that should be added to the guests apparmor profile:
- keys via qemuDomainWriteMasterKeyFile
- per domain dirs via qemuProcessMakeDir
- memory backing paths via qemuProcessBuildDestroyMemoryPathsImpl
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx>
---
src/security/security_apparmor.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 1db94c6..dcd6f52 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -953,6 +953,13 @@ AppArmorSetSavedStateLabel(virSecurityManagerPtr mgr,
return reload_profile(mgr, def, savefile, true);
}
+static int
+AppArmorSetPathLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ const char *path)
+{
+ return reload_profile(mgr, def, path, true);
+}
static int
AppArmorRestoreSavedStateLabel(virSecurityManagerPtr mgr,
@@ -1045,6 +1052,8 @@ virSecurityDriver virAppArmorSecurityDriver = {
.domainSetSavedStateLabel = AppArmorSetSavedStateLabel,
.domainRestoreSavedStateLabel = AppArmorRestoreSavedStateLabel,
+ .domainSetPathLabel = AppArmorSetPathLabel,
+
.domainSetSecurityImageFDLabel = AppArmorSetFDLabel,
.domainSetSecurityTapFDLabel = AppArmorSetFDLabel,
--
2.7.4
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
