[libvirt] Resubmission: [PATCH 1/6] sVirt AppArmor security driver

Tue Sep 8 21:19:59 UTC 2009

On Tue, 08 Sep 2009, Jamie Strandboge wrote:

> > [PATCH 1*]
> > patch_1a_reenable-nonfile-labels.patch:
> > When James Morris originally submitted his sVirt patches (as seen in
> > libvirt 0.6.1), he did not require on disk labelling for
> > virSecurityDomainRestoreImageLabel. A later commit[2] changed this
> > behavior to assume on disk labelling, which halts implementations for
> > path-based MAC systems such as AppArmor and TOMOYO where
> > vm->def->seclabel is required to obtain the label. This patch simply
> > adds the 'virDomainObjPtr vm' argument back to *RestoreImageLabel.
> > 
> > patch_1b_optional.patch:
> > Due to the above change, 'make syntax-check' fails because
> > SELinuxRestoreSecurityImageLabel() does not use the 'virDomainObjPtr
> > vm'. patch_1b_optional.patch is a simple patch to fix this by checking
> > if vm->def->seclabel == NULL and returns with error if it does. I
> > realize this may not be desired in the long term, but it should be
> > harmless enough to include.
> > 

-- 
Jamie Strandboge             | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch_1a_reenable-nonfile-labels.patch
Type: text/x-diff
Size: 2525 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20090908/c16f0dbc/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch_1b_optional.patch
Type: text/x-diff
Size: 670 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20090908/c16f0dbc/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20090908/c16f0dbc/attachment-0001.sig>