This is a v2 of the patches sent previously and hopefully makes things simpler. (previous patches subject: [PATCH 0/4] virt-aa-helper: Add new option to remove corrupted). This patch aims to address the bug reported in [1] and [2]. Bug description : Some times libvirt fails to start a vm with the following error : libvirt: error : unable to set AppArmor profile 'libvirt-b05b297f-952f-42d6-b04e-f9a13767db54' for '/usr/bin/kvm-spice': No such file or directory This happens because file /etc/apparmor.d/libvirt/libvirt-<vm-uuid> has 0 size. During the vm start-up virt-aa-helper tries to load the profile and because it is 0 it fails. When file /etc/apparmor.d/libvirt/libvirt-<vm-uuid> is removed the vm can start without problems. To address this issue this patch checks if the profile has 0 size and if this is the case it removes it. Changes with v1: I incorporated the feedback provided on v1 so the patches change as follows : Patches 1, 2 and 4 from v1 are dropped. The first patch is dropped because according to feedback provided remove_profile is not necessary and in the new version we unlink the profile directly in main(). In addition we skip calling create_profile twice by adding a boolean variable 'purged' if the profile was purged and creation occurs later on in main(). The second patch, which was adding a the option (-P) to remove the profile is dropped because currently this action happens only internally and there is no use case needed to make it available to the users of virt-aa-helper. The third patch which is the actual fix stays but modified. The forth patch which was adding a test to virt-aa-helper-test was the hardest to drop. Although, I'd like to have a test for this case, there is no apparent to make a test for this without having any side effects. The tests in virt-aa-helper-test are run with the --dryrun option and therefore no action should really happen. To test this fix, we need to create a corrupted profile and then remove it violating the dryrun. [1] https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1927519 [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890084 Ioanna Alifieraki (1): virt-aa-helper: Purge profile if corrupted src/security/virt-aa-helper.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) -- 2.17.1
