On Mon, 2010-04-05 at 16:15 -0500, Jamie Strandboge wrote: > 8_apparmor-fix-xauth.patch: adjust virt-aa-helper to handle SDL > graphics, specifically Xauthority[6]. Also remove a couple redundant > checks -- Jamie Strandboge | http://www.canonical.com
Author: Jamie Strandboge <jamie@xxxxxxxxxxxxx> Description: adjust virt-aa-helper to handle SDL graphics, specifically Xauthority. Also remove a couple redundant checks. Bug-Ubuntu: https://launchpad.net/bugs/545426 diff -Naur libvirt.orig/src/security/virt-aa-helper.c libvirt/src/security/virt-aa-helper.c --- libvirt.orig/src/security/virt-aa-helper.c 2010-04-05 15:04:53.000000000 -0500 +++ libvirt/src/security/virt-aa-helper.c 2010-04-05 15:46:40.000000000 -0500 @@ -775,7 +775,7 @@ virBufferVSprintf(buf, " \"%s\" %s,\n", tmp, perms); if (readonly) { - virBufferVSprintf(buf, " # don't audit writes to readonly media\n"); + virBufferVSprintf(buf, " # don't audit writes to readonly files\n"); virBufferVSprintf(buf, " deny \"%s\" w,\n", tmp); } @@ -872,11 +872,11 @@ if (vah_add_file(&buf, ctl->def->console->data.file.path, "w") != 0) goto clean; - if (ctl->def->os.kernel && ctl->def->os.kernel) + if (ctl->def->os.kernel) if (vah_add_file(&buf, ctl->def->os.kernel, "r") != 0) goto clean; - if (ctl->def->os.initrd && ctl->def->os.initrd) + if (ctl->def->os.initrd) if (vah_add_file(&buf, ctl->def->os.initrd, "r") != 0) goto clean; @@ -884,6 +884,12 @@ if (vah_add_file(&buf, ctl->def->os.loader, "r") != 0) goto clean; + if (ctl->def->ngraphics == 1 && + ctl->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL) + if (vah_add_file(&buf, ctl->def->graphics[0]->data.sdl.xauth, + "r") != 0) + goto clean; + for (i = 0; i < ctl->def->nhostdevs; i++) if (ctl->def->hostdevs[i]) { virDomainHostdevDefPtr dev = ctl->def->hostdevs[i];
Attachment:
signature.asc
Description: This is a digitally signed message part
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list