On 12/02/2011 12:10 PM, Serge Hallyn wrote: > The pathname for the pipe for tunnelled migration is unresolvable. The > libvirt apparmor driver therefore refuses access, causing migration to > fail. If we can't resolve the path, the worst that can happen is that > we should have given permission to the file but didn't. Otherwise > (especially since this is a /proc/$$/fd/N file) the file is already open > and libvirt won't be refused access by apparmor anyway. > > Also adjust virt-aa-helper to allow access to the > *.tunnelmigrate.dest.name files. > > Changelog: Dec 2: per jdstrand comment, also change the Error to a VIR_WARN. I tend to put comments like the above after the ---; they are nice during patch review for comparing how the patch has evolved compared to prior reviews, but the history of how a patch was created is no longer important once you have the patch itself in libvirt.git. > > For more information, see https://launchpad.net/bugs/869553. Whereas this definitely belongs in the commit message. > > Signed-off-by: Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx> > --- > src/security/security_apparmor.c | 6 +++--- > src/security/virt-aa-helper.c | 4 ++++ > 2 files changed, 7 insertions(+), 3 deletions(-) ACK and pushed, with the compilation actually fixed by squashing this in: diff --git i/src/security/security_apparmor.c w/src/security/security_apparmor.c index 5e68da8..db7e7dc 100644 --- i/src/security/security_apparmor.c +++ w/src/security/security_apparmor.c @@ -38,6 +38,7 @@ #include "virfile.h" #include "configmake.h" #include "command.h" +#include "logging.h" #define VIR_FROM_THIS VIR_FROM_SECURITY #define SECURITY_APPARMOR_VOID_DOI "0" -- Eric Blake eblake@xxxxxxxxxx +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list