[libvirt] [PATCH] Add a rule to check for uses of readlink.
Jamie Strandboge
jamie at canonical.com
Thu Jan 21 17:00:58 UTC 2010
On Thu, 2010-01-21 at 11:33 -0500, Chris Lalancette wrote:
> Signed-off-by: Chris Lalancette <clalance at redhat.com>
> ---
> .x-sc_prohibit_readlink | 2 ++
> cfg.mk | 5 +++++
> 2 files changed, 7 insertions(+), 0 deletions(-)
> create mode 100644 .x-sc_prohibit_readlink
This breaks AppArmor (see why in my response to the AppArmor change).
Readlink() can be used safely, so perhaps the check can be done such
that if using readlink, you must check the return code. Or simply warn
if using readlink.
virFileResolveLink() behaves substantially differently than readlink()
and deprecating readlink() without adjusting virFileResolveLink() is
IMHO unwise (while AppArmor is the only thing affected atm, it seems at
least possible that new future code may need/want to readlink() things
in /proc (eg /proc/self/exe)).
Jamie
--
Jamie Strandboge | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20100121/19d49103/attachment-0001.sig>
More information about the libvir-list
mailing list