[libvirt] [PATCH] virt-aa-helper: add NVRAM store file for read/write
Peter Kieser
peter at kieser.ca
Thu Aug 20 17:58:59 UTC 2015
Some UEFI firmwares may want to use a non-volatile memory to store some
variables.
If AppArmor is enabled, and NVRAM store file is set currently
virt-aa-helper does
not add the NVRAM store file to the template. Add this file for
read/write when
this functionality is defined in domain XML.
Signed-off-by: Peter Kieser <peter at kieser.ca>
---
src/security/virt-aa-helper.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 4ce1e7a..2f93172 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1047,6 +1047,10 @@ get_files(vahControl * ctl)
if (vah_add_file(&buf, ctl->def->os.loader->path, "r") != 0)
goto cleanup;
+ if (ctl->def->os.loader && ctl->def->os.loader->nvram)
+ if (vah_add_file(&buf, ctl->def->os.loader->nvram, "rw") != 0)
+ goto cleanup;
+
for (i = 0; i < ctl->def->ngraphics; i++) {
if (ctl->def->graphics[i]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
ctl->def->graphics[i]->data.vnc.socket &&
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4311 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20150820/763f65d8/attachment-0001.p7s>
More information about the libvir-list
mailing list