[libvirt] [PATCH] virt-aa-helper: Fix permissions for vhost-user socket files
Michał Dubiel
md at semihalf.com
Mon Jun 22 10:09:44 UTC 2015
On 19 June 2015 at 21:30, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> Quoting Michal Dubiel (md at semihalf.com):
> > QEMU working in vhost-user mode communicates with the other end (i.e.
> > some virtual router application) via unix domain sockets. This requires
> > that permissions for the socket files are correctly written into
> > /etc/apparmor.d/libvirt/libvirt-UUID.files.
> >
> > Signed-off-by: Michal Dubiel <md at semihalf.com>
> > ---
> > src/security/virt-aa-helper.c | 24 +++++++++++++-----------
> > 1 file changed, 13 insertions(+), 11 deletions(-)
> >
> > diff --git a/src/security/virt-aa-helper.c
> b/src/security/virt-aa-helper.c
> > index 35423b5..a097aa6 100644
> > --- a/src/security/virt-aa-helper.c
> > +++ b/src/security/virt-aa-helper.c
> > @@ -592,19 +592,9 @@ valid_path(const char *path, const bool readonly)
> >
> > if (!virFileExists(path)) {
> > vah_warning(_("path does not exist, skipping file type
> checks"));
> > - } else {
> > - if (stat(path, &sb) == -1)
> > + } else if (stat(path, &sb) == -1)
> > return -1;
>
> Hi,
>
> Why keep this bit? sb is not used later in the fn, and you
> already know that access(2) didn't return ENOENT.
You are right, it is not needed. Thanks for pointing this out. I will
update the patch accordingly.
Regards,
Michal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20150622/2eb30dc6/attachment-0001.htm>
More information about the libvir-list
mailing list