[libvirt] [PATCH v2] apparmor: use AppArmorSetFDLabel for both imageFD and tapFD
Guannan Ren
gren at redhat.com
Fri Mar 8 02:57:15 UTC 2013
On 03/08/2013 05:21 AM, Jim Fehlig wrote:
> Guannan Ren wrote:
>> Rename AppArmorSetImageFDLabel to AppArmorSetFDLabel which could
>> be used as a common function for *ALL* fd relabelling in Linux.
>>
>> In apparmor profile for specific vm with uuid cdbebdfa-1d6d-65c3-be0f-fd74b978a773
>> Path: /etc/apparmor.d/libvirt/libvirt-cdbebdfa-1d6d-65c3-be0f-fd74b978a773.files
>> The last line is for the tapfd relabelling.
>>
>> # DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
>> "/var/log/libvirt/**/rhel6qcow2.log" w,
>> "/var/lib/libvirt/**/rhel6qcow2.monitor" rw,
>> "/var/run/libvirt/**/rhel6qcow2.pid" rwk,
>> "/run/libvirt/**/rhel6qcow2.pid" rwk,
>> "/var/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
>> "/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
>> "/var/lib/libvirt/images/rhel6u3qcow2.img" rw,
>> "/dev/tap45" rw,
>> ---
>> src/security/security_apparmor.c | 20 +++++---------------
>> 1 file changed, 5 insertions(+), 15 deletions(-)
>>
> ACK.
>
Thanks, pushed.
Guannan
More information about the libvir-list
mailing list