[libvirt] [PATCH] apparmor: QEMU monitor socket moved

Martin Kletzander mkletzan at redhat.com
Fri Apr 1 11:11:21 UTC 2016


On Thu, Mar 31, 2016 at 05:00:09PM +0200, Guido Günther wrote:
>The directory name changed in a89f05ba8df095875f5ec8a9065a585af63a010b.
>---
> src/security/virt-aa-helper.c | 2 ++
> 1 file changed, 2 insertions(+)
>
>diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
>index a2d7226..0ded671 100644
>--- a/src/security/virt-aa-helper.c
>+++ b/src/security/virt-aa-helper.c
>@@ -1366,6 +1366,8 @@ main(int argc, char **argv)
>                                   LOCALSTATEDIR, ctl->def->name);
>                 virBufferAsprintf(&buf, "  \"%s/lib/libvirt/qemu/domain-%s/monitor.sock\" rw,\n",
>                                   LOCALSTATEDIR, ctl->def->name);
>+                virBufferAsprintf(&buf, "  \"%s/lib/libvirt/qemu/domain-*-%.*s/monitor.sock\" rw,\n",

Shouldn't this be domain-%d-... with the %d being ctl->def->id?  Or is
it not known at this point?  Then I think it should allow only numbers
between the dashes.  If that's possible.

Another question, though: shouldn't there also be vnc.sock in case that
is enabled?  Basically we create this (and the
qemu/channel/target/domain-...) directory just for that particular
domain, so it should have access to the whole directory.  Also the
channel/target one, I believe.  Or did I miss something?

Thanks,
Martin

>+                                  LOCALSTATEDIR, 20, ctl->def->name);
>                 virBufferAsprintf(&buf, "  \"%s/run/libvirt/**/%s.pid\" rwk,\n",
>                                   LOCALSTATEDIR, ctl->def->name);
>                 virBufferAsprintf(&buf, "  \"/run/libvirt/**/%s.pid\" rwk,\n",
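
Review bot: The added monitor.sock rule passes a bare 20 as the precision for "%.*s", with no comment or named constant tying it to whatever shortens the domain name when the directory is created; if that length ever changes, this rule silently stops matching the real path, so please take the length from a shared constant or at least comment where it comes from. Separately, the "*" in "domain-*-%.*s" matches any run of non-slash characters in an AppArmor path, not just a numeric id, so the rule also grants rw on monitor.sock in any other domain's directory whose name ends with the same truncated string. Constraining that segment to digits, or formatting the id directly if it is known here, would keep the profile limited to this guest's own socket.
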
>--
>2.8.0.rc3
>