[libvirt] [PATCH v2] apparmor: use AppArmorSetFDLabel for both imageFD and tapFD
Jim Fehlig
jfehlig at suse.com
Thu Mar 7 21:21:05 UTC 2013
Guannan Ren wrote:
> Rename AppArmorSetImageFDLabel to AppArmorSetFDLabel which could
> be used as a common function for *ALL* fd relabelling in Linux.
>
> Example: the AppArmor profile for the VM with UUID cdbebdfa-1d6d-65c3-be0f-fd74b978a773,
> path /etc/apparmor.d/libvirt/libvirt-cdbebdfa-1d6d-65c3-be0f-fd74b978a773.files.
> The last line of that file is for the tapfd relabelling.
>
> # DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
> "/var/log/libvirt/**/rhel6qcow2.log" w,
> "/var/lib/libvirt/**/rhel6qcow2.monitor" rw,
> "/var/run/libvirt/**/rhel6qcow2.pid" rwk,
> "/run/libvirt/**/rhel6qcow2.pid" rwk,
> "/var/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
> "/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
> "/var/lib/libvirt/images/rhel6u3qcow2.img" rw,
> "/dev/tap45" rw,
> ---
> src/security/security_apparmor.c | 20 +++++---------------
> 1 file changed, 5 insertions(+), 15 deletions(-)
>
ACK.
> diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
> index 2e6a57f..9dd8d74 100644
> --- a/src/security/security_apparmor.c
> +++ b/src/security/security_apparmor.c
> @@ -884,9 +884,9 @@ AppArmorRestoreSavedStateLabel(virSecurityManagerPtr mgr,
> }
>
> static int
> -AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,
> - virDomainDefPtr def,
> - int fd)
> +AppArmorSetFDLabel(virSecurityManagerPtr mgr,
> + virDomainDefPtr def,
> + int fd)
> {
> int rc = -1;
> char *proc = NULL;
> @@ -915,16 +915,6 @@ AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,
> return reload_profile(mgr, def, fd_path, true);
> }
>
> -/* TODO need code here */
> -static int
> -AppArmorSetTapFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
> - virDomainDefPtr def ATTRIBUTE_UNUSED,
> - int fd ATTRIBUTE_UNUSED)
> -{
> - return 0;
> -}
> -
> -
> static char *
> AppArmorGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
> virDomainDefPtr vm ATTRIBUTE_UNUSED)
> @@ -975,8 +965,8 @@ virSecurityDriver virAppArmorSecurityDriver = {
> .domainSetSavedStateLabel = AppArmorSetSavedStateLabel,
> .domainRestoreSavedStateLabel = AppArmorRestoreSavedStateLabel,
>
> - .domainSetSecurityImageFDLabel = AppArmorSetImageFDLabel,
> - .domainSetSecurityTapFDLabel = AppArmorSetTapFDLabel,
> + .domainSetSecurityImageFDLabel = AppArmorSetFDLabel,
> + .domainSetSecurityTapFDLabel = AppArmorSetFDLabel,
>
> .domainGetSecurityMountOptions = AppArmorGetMountOptions,
> };
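Review bot: Assigning `AppArmorSetFDLabel` to `.domainSetSecurityTapFDLabel` means that whatever path a tap descriptor resolves to is now appended to the per-VM profile with `rw`, as the `/dev/tap45` line in the description shows, where the old stub granted nothing. Most of the function body lies outside these hunks, but the visible `proc` and `fd_path` locals suggest the descriptor is resolved through /proc and handed directly to `reload_profile(mgr, def, fd_path, true)`. If that is so, the resolved target should be checked first: it should be an absolute path of the expected kind, not a non-filesystem target or an unrelated file, so that an unexpected descriptor cannot widen the domain's confinement. It is also worth confirming that the added rule is dropped again when the interface is detached, since nothing in these hunks removes it. A comment above the function, for example `/* Shared by image and tap FDs: adds the path behind fd to the domain's profile. */`, would record the new dual role.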
>