[libvirt] [sandbox][PATCH 1/2] AppArmor support

Martin Kletzander mkletzan at redhat.com
Wed Nov 26 04:32:06 UTC 2014


On Tue, Nov 25, 2014 at 02:29:25PM +0100, Cédric Bosdonnat wrote:
>Implement construction of apparmor security labels. The choice between
>selinux and apparmor model isn't exposed to the user, but guessed
>depending on what the host supports.
>---
> bin/virt-sandbox-service                  | 15 ++++++++-------
> libvirt-sandbox/libvirt-sandbox-builder.c | 32 +++++++++++++++++++++++++++++++
> 2 files changed, 40 insertions(+), 7 deletions(-)
>
[...]
>diff --git a/libvirt-sandbox/libvirt-sandbox-builder.c b/libvirt-sandbox/libvirt-sandbox-builder.c
>index 48fc9bc..bcad652 100644
>--- a/libvirt-sandbox/libvirt-sandbox-builder.c
>+++ b/libvirt-sandbox/libvirt-sandbox-builder.c
>@@ -358,6 +358,31 @@ static gboolean gvir_sandbox_builder_construct_security_selinux (GVirSandboxBuil
>     return TRUE;
> }
>
>+static gboolean gvir_sandbox_builder_construct_security_apparmor(GVirSandboxBuilder *builder,
>+                                                                 GVirSandboxConfig *config,
>+                                                                 GVirConfigDomain *domain,
>+                                                                 GError **error)
>+{
>+    GVirConfigDomainSeclabel *sec = gvir_config_domain_seclabel_new();
>+    const char *label = gvir_sandbox_config_get_security_label(config);
>+
>+    gvir_config_domain_seclabel_set_model(sec, "apparmor");
>+    if (gvir_sandbox_config_get_security_dynamic(config)) {
>+        gvir_config_domain_seclabel_set_type(sec,
>+                                             GVIR_CONFIG_DOMAIN_SECLABEL_DYNAMIC);
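
Review bot: in the dynamic branch, at `gvir_config_domain_seclabel_set_type(sec, GVIR_CONFIG_DOMAIN_SECLABEL_DYNAMIC)`, the `label` read from `gvir_sandbox_config_get_security_label(config)` is not used in the lines quoted here, so a label set in the sandbox config would be silently ignored whenever dynamic labelling is selected. Either apply it in this branch or add a comment saying it is intentionally dropped for the apparmor model. A style point on the same hunk: the new definition is written `gvir_sandbox_builder_construct_security_apparmor(` with no space before the parenthesis, while the selinux function named in the `@@` header has one, so match the file's existing spacing.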

There probably isn't something like a 'baselabel' in apparmor, right?
Because that could be set if there is a label in the config.

Anyway, ACK,

Martin