On Thu, Nov 12, 2009 at 11:47:38AM -0600, Jamie Strandboge wrote:
> Hi,
>
> The following patchset contains various cleanups for the AppArmor
> driver. It assumes that the patch contained in the email with the
> following subject is already applied:
>
> [libvirt] [PATCH] fix virt-aa-helper failure when host arch and os.type arch are different
>
> This patch was ACKed but never applied. When committing that patch,
> please also chmod 755 ./tests/virt-aa-helper-test.

  done,

> 1_aa_profile_updates.patch:
> Adds pulseaudio, alsa and preliminary save/restore to the example
> apparmor abstraction. Also allows libvirtd access to inet dgram, inet6
> dgram, inet6 stream and /usr/lib/libvirt/*.
>
> 2_aa_require_absolute_path.patch:
> Require absolute path for dynamic added files. This is required by
> AppArmor and conveniently prevents adding tcp consoles to the profile.
> This fixes https://launchpad.net/bugs/460271.
>
> 3_aa_deny_write_to_readonly.patch:
> Suppress confusing and misleading apparmor denied message when kvm/qemu
> tries to open a libvirt specified readonly file (such as a cdrom) with
> write permissions. libvirt uses the readonly attribute for the security
> driver only, and has no way of telling kvm/qemu that the device should
> be opened readonly. This fixes https://launchpad.net/bugs/453335.
>
> 4_aa_driver_cleanups.patch:
> Implements all changes requested by DV except for getting rid of
> readlink(). I can't use virFileResolveLink() because it lstat()s the
> file and uses st.st_size to create a buffer. Unfortunately, running
> lstat() on /proc/self/exe results in st.st_size to be 0.

  Okay, not a big deal, fixes all look fine, I applied and pushed them !

> The changes pass 'syntax-check'. secaatest and virt-aa-helper-test both
> pass (there are several problems in the test suite causing 'make check'
> to fail. These are all unrelated to these patches).

  Hum, make check works for me, but I don't have apparmor to test

   thanks !

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel@xxxxxxxxxxxx  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
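
The st_size problem quoted above under 4_aa_driver_cleanups.patch, as an added example that is not part of the original mail and is not libvirt's code: a readlink() wrapper that grows its buffer instead of sizing it from lstat(). The names resolve_link_grow and link_size_hint, the 64-byte starting size and the 1 MiB limit are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not libvirt's): resolve a symlink without trusting
 * st_size. Returns a malloc()ed NUL-terminated target, or NULL with errno set. */
char *resolve_link_grow(const char *path)
{
    size_t cap = 64;               /* small on purpose so the retry path runs */
    for (;;) {
        char *buf = malloc(cap);
        if (!buf) return NULL;
        ssize_t n = readlink(path, buf, cap);
        if (n < 0) {
            int saved = errno;     /* free() may clobber errno */
            free(buf);
            errno = saved;
            return NULL;
        }
        if ((size_t)n < cap) {     /* complete, with room for the terminator */
            buf[n] = '\0';
            return buf;
        }
        free(buf);                 /* n == cap: possibly truncated, retry */
        if (cap > (1u << 20)) {    /* assumed upper bound on target length */
            errno = ENAMETOOLONG;
            return NULL;
        }
        cap *= 2;
    }
}

/* The size an st_size-based resolver would allocate for this link. */
long link_size_hint(const char *path)
{
    struct stat st;
    return lstat(path, &st) < 0 ? -1 : (long)st.st_size;
}

int main(void)
{
    char *t = resolve_link_grow("/proc/self/exe");
    printf("st_size=%ld resolved_len=%zu\n",
           link_size_hint("/proc/self/exe"), t ? strlen(t) : (size_t)0);
    free(t);
    return 0;
}
```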