[libvirt] [PATCH 1/1] apparmor: allow tunnelled migrations.

Eric Blake eblake at redhat.com
Fri Dec 2 19:32:08 UTC 2011

On 12/02/2011 12:10 PM, Serge Hallyn wrote:
> The pathname for the pipe for tunnelled migration is unresolvable.  The
> libvirt apparmor driver therefore refuses access, causing migration to
> fail.  If we can't resolve the path, the worst that can happen is that
> we should have given permission to the file but didn't.  Otherwise
> (especially since this is a /proc/$$/fd/N file) the file is already open
> and libvirt won't be refused access by apparmor anyway.
> Also adjust virt-aa-helper to allow access to the
> *.tunnelmigrate.dest.name files.
> Changelog: Dec 2: per jdstrand comment, also change the Error to a VIR_WARN.

I tend to put comments like the above after the ---; they are nice
during patch review for comparing how the patch has evolved compared to
prior reviews, but the history of how a patch was created is no longer
important once you have the patch itself in libvirt.git.

> For more information, see https://launchpad.net/bugs/869553.

Whereas this definitely belongs in the commit message.

> Signed-off-by: Serge Hallyn <serge.hallyn at canonical.com>
> ---
>  src/security/security_apparmor.c |    6 +++---
>  src/security/virt-aa-helper.c    |    4 ++++
>  2 files changed, 7 insertions(+), 3 deletions(-)

ACK and pushed, with the compilation actually fixed by squashing this in:

diff --git i/src/security/security_apparmor.c
index 5e68da8..db7e7dc 100644
--- i/src/security/security_apparmor.c
+++ w/src/security/security_apparmor.c
@@ -38,6 +38,7 @@
 #include "virfile.h"
 #include "configmake.h"
 #include "command.h"
+#include "logging.h"


Eric Blake   eblake at redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 620 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20111202/45dfb1da/attachment-0001.sig>

More information about the libvir-list mailing list