[libvirt] [PATCH 1/1] apparmor: allow tunnelled migrations.
Eric Blake
eblake at redhat.com
Fri Dec 2 19:32:08 UTC 2011
On 12/02/2011 12:10 PM, Serge Hallyn wrote:
> The pathname for the pipe for tunnelled migration is unresolvable. The
> libvirt apparmor driver therefore refuses access, causing migration to
> fail. If we can't resolve the path, the worst that can happen is that
> we should have given permission to the file but didn't. Otherwise
> (especially since this is a /proc/$$/fd/N file) the file is already open
> and libvirt won't be refused access by apparmor anyway.
>
> Also adjust virt-aa-helper to allow access to the
> *.tunnelmigrate.dest.name files.
>
> Changelog: Dec 2: per jdstrand comment, also change the Error to a VIR_WARN.
I tend to put comments like the above after the ---; they are nice
during patch review for comparing how the patch has evolved compared to
prior reviews, but the history of how a patch was created is no longer
important once you have the patch itself in libvirt.git.
>
> For more information, see https://launchpad.net/bugs/869553.
Whereas this definitely belongs in the commit message.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at canonical.com>
> ---
> src/security/security_apparmor.c | 6 +++---
> src/security/virt-aa-helper.c | 4 ++++
> 2 files changed, 7 insertions(+), 3 deletions(-)
ACK and pushed, with the compilation actually fixed by squashing this in:
diff --git i/src/security/security_apparmor.c
w/src/security/security_apparmor.c
index 5e68da8..db7e7dc 100644
--- i/src/security/security_apparmor.c
+++ w/src/security/security_apparmor.c
@@ -38,6 +38,7 @@
#include "virfile.h"
#include "configmake.h"
#include "command.h"
+#include "logging.h"
#define VIR_FROM_THIS VIR_FROM_SECURITY
#define SECURITY_APPARMOR_VOID_DOI "0"
--
Eric Blake eblake at redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 620 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20111202/45dfb1da/attachment-0001.sig>
More information about the libvir-list
mailing list