[libvirt] [PATCH] Fix starting qemu instances when apparmor driver is enabled
Guannan Ren
gren at redhat.com
Fri Mar 1 05:53:05 UTC 2013
On 03/01/2013 08:37 AM, Jim Fehlig wrote:
> Eric Blake wrote:
>> On 02/27/2013 04:51 PM, Jim Fehlig wrote:
>>
>>> With the apparmor security driver enabled, qemu instances fail
>>> to start
>>>
>>> # grep ^security_driver /etc/libvirt/qemu.conf
>>> security_driver = "apparmor"
>>> # virsh start test-kvm
>>> error: Failed to start domain test-kvm
>>> error: internal error security label already defined for VM
>>>
>>> The model field of virSecurityLabelDef object is always populated
>>> by virDomainDefGetSecurityLabelDef(), so remove the check for a
>>> NULL model when verifying if a label is already defined for the
>>> instance.
>>>
>>> Checking for a NULL model and populating it later in
>>> AppArmorGenSecurityLabel() has been left in the code to be
>>> consistent with virSecuritySELinuxGenSecurityLabel().
>>> ---
>>> src/security/security_apparmor.c | 6 ++----
>>> 1 file changed, 2 insertions(+), 4 deletions(-)
>>>
>> ACK; and safe for 1.0.3.
>>
> Thanks, pushed now.
>
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
Hi Jim
In selinux, libvirt added a label for tapfd.
Do you think this patch makes sense for apparmor?
https://www.redhat.com/archives/libvir-list/2012-October/msg01461.html
Gunannan
More information about the libvir-list
mailing list