[PATCH 2/6] Don't enable the AppArmour security driver with LXC

"Daniel P. Berrange" <berrange@xxxxxxxxxx> · Fri, 11 May 2012 11:10:02 +0100

From: Daniel Walsh <dwalsh@xxxxxxxxxx>

The AppArmour driver does not currently have support for LXC
so ensure that when probing, it claims to be disabled

Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
 src/security/security_apparmor.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index d638d1f..2d05fd0 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -328,7 +328,7 @@ AppArmorSetSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,
 
 /* Called on libvirtd startup to see if AppArmor is available */
 static int
-AppArmorSecurityManagerProbe(const char *virtDriver ATTRIBUTE_UNUSED)
+AppArmorSecurityManagerProbe(const char *virtDriver)
 {
     char *template = NULL;
     int rc = SECURITY_DRIVER_DISABLE;
@@ -336,6 +336,9 @@ AppArmorSecurityManagerProbe(const char *virtDriver ATTRIBUTE_UNUSED)
     if (use_apparmor() < 0)
         return rc;
 
+    if (virtDriver && STREQ(virtDriver, "LXC"))
+        return rc;
+
     /* see if template file exists */
     if (virAsprintf(&template, "%s/TEMPLATE",
                                APPARMOR_DIR "/libvirt") == -1) {
-- 
1.7.10.1

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list





