Re: [PATCH] Fix starting qemu instances when apparmor driver is enabled

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 03/01/2013 08:37 AM, Jim Fehlig wrote:
Eric Blake wrote:
On 02/27/2013 04:51 PM, Jim Fehlig wrote:
With the apparmor security driver enabled, qemu instances fail
to start

# grep ^security_driver /etc/libvirt/qemu.conf
security_driver = "apparmor"
# virsh start test-kvm
error: Failed to start domain test-kvm
error: internal error security label already defined for VM

The model field of virSecurityLabelDef object is always populated
by virDomainDefGetSecurityLabelDef(), so remove the check for a
NULL model when verifying if a label is already defined for the
instance.

Checking for a NULL model and populating it later in
AppArmorGenSecurityLabel() has been left in the code to be
consistent with virSecuritySELinuxGenSecurityLabel().
---
  src/security/security_apparmor.c | 6 ++----
  1 file changed, 2 insertions(+), 4 deletions(-)
ACK; and safe for 1.0.3.
Thanks, pushed now.

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

    Hi Jim

       In selinux, libvirt added a label for tapfd.
       Do you think this patch makes sense for apparmor?
https://www.redhat.com/archives/libvir-list/2012-October/msg01461.html

    Gunannan


--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]