Re: [PATCH v2] apparmor: use AppArmorSetFDLabel for both imageFD and tapFD

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Guannan Ren wrote:
> Rename AppArmorSetImageFDLabel to AppArmorSetFDLabel which could
> be used as a common function for *ALL* fd relabelling in Linux.
>
> In apparmor profile for specific vm with uuid cdbebdfa-1d6d-65c3-be0f-fd74b978a773
> Path: /etc/apparmor.d/libvirt/libvirt-cdbebdfa-1d6d-65c3-be0f-fd74b978a773.files
> The last line is for the tapfd relabelling.
>
>  # DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
>   "/var/log/libvirt/**/rhel6qcow2.log" w,
>   "/var/lib/libvirt/**/rhel6qcow2.monitor" rw,
>   "/var/run/libvirt/**/rhel6qcow2.pid" rwk,
>   "/run/libvirt/**/rhel6qcow2.pid" rwk,
>   "/var/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
>   "/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
>   "/var/lib/libvirt/images/rhel6u3qcow2.img" rw,
>   "/dev/tap45" rw,
> ---
>  src/security/security_apparmor.c | 20 +++++---------------
>  1 file changed, 5 insertions(+), 15 deletions(-)
>   

ACK.

> diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
> index 2e6a57f..9dd8d74 100644
> --- a/src/security/security_apparmor.c
> +++ b/src/security/security_apparmor.c
> @@ -884,9 +884,9 @@ AppArmorRestoreSavedStateLabel(virSecurityManagerPtr mgr,
>  }
>  
>  static int
> -AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,
> -                        virDomainDefPtr def,
> -                        int fd)
> +AppArmorSetFDLabel(virSecurityManagerPtr mgr,
> +                   virDomainDefPtr def,
> +                   int fd)
>  {
>      int rc = -1;
>      char *proc = NULL;
> @@ -915,16 +915,6 @@ AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,
>      return reload_profile(mgr, def, fd_path, true);
>  }
>  
> -/* TODO need code here */
> -static int
> -AppArmorSetTapFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
> -                      virDomainDefPtr def ATTRIBUTE_UNUSED,
> -                      int fd ATTRIBUTE_UNUSED)
> -{
> -    return 0;
> -}
> -
> -
>  static char *
>  AppArmorGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
>                          virDomainDefPtr vm ATTRIBUTE_UNUSED)
> @@ -975,8 +965,8 @@ virSecurityDriver virAppArmorSecurityDriver = {
>      .domainSetSavedStateLabel           = AppArmorSetSavedStateLabel,
>      .domainRestoreSavedStateLabel       = AppArmorRestoreSavedStateLabel,
>  
> -    .domainSetSecurityImageFDLabel      = AppArmorSetImageFDLabel,
> -    .domainSetSecurityTapFDLabel        = AppArmorSetTapFDLabel,
> +    .domainSetSecurityImageFDLabel      = AppArmorSetFDLabel,
> +    .domainSetSecurityTapFDLabel        = AppArmorSetFDLabel,
>  
>      .domainGetSecurityMountOptions      = AppArmorGetMountOptions,
>  };
>   

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]