[libvirt] [PATCH] virt-aa-helper: add NVRAM store file for read/write

Guido Günther agx at sigxcpu.org
Fri Aug 21 09:01:44 UTC 2015


Hi,
On Thu, Aug 20, 2015 at 10:58:59AM -0700, Peter Kieser wrote:
> Some UEFI firmwares may want to use a non-volatile memory to store some
> variables.
> If AppArmor is enabled, and NVRAM store file is set currently virt-aa-helper
> does not add the NVRAM store file to the template. Add this file for
> read/write when this functionality is defined in domain XML.

I'm not an expert on apparmor things but it makes sense to me.
ACK

Cheers,
-- Guido

> 
> Signed-off-by: Peter Kieser <peter at kieser.ca>
> ---
>  src/security/virt-aa-helper.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
> index 4ce1e7a..2f93172 100644
> --- a/src/security/virt-aa-helper.c
> +++ b/src/security/virt-aa-helper.c
> @@ -1047,6 +1047,10 @@ get_files(vahControl * ctl)
>          if (vah_add_file(&buf, ctl->def->os.loader->path, "r") != 0)
>              goto cleanup;
> 
> +    if (ctl->def->os.loader && ctl->def->os.loader->nvram)
> +        if (vah_add_file(&buf, ctl->def->os.loader->nvram, "rw") != 0)
> +            goto cleanup;
> +
>      for (i = 0; i < ctl->def->ngraphics; i++) {
>          if (ctl->def->graphics[i]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
>              ctl->def->graphics[i]->data.vnc.socket &&
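Review bot: The two added `if` statements in get_files() are nested without braces even though the outer body spans three lines; either add braces to the outer `if` or fold everything into a single condition, so that a later edit cannot detach the `goto cleanup` from the `vah_add_file()` check. The new rule also grants "rw" on a path taken from `ctl->def->os.loader->nvram` in the domain definition, while the loader path just above gets only "r", so a one-line comment saying that write access is needed for the firmware's variable store would help the next reader of the profile logic. The diffstat shows only virt-aa-helper.c changing, so the new rule is untested; a case with an NVRAM store defined in the domain XML, checking that the path appears with "rw", would cover it.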
> 
> 


