[libvirt] [PATCH 0/4] apparmor: implement more domain callbacks
Christian Ehrhardt
christian.ehrhardt at canonical.com
Tue Jan 9 14:35:42 UTC 2018
On Tue, Jan 9, 2018 at 11:02 AM, Michal Privoznik <mprivozn at redhat.com> wrote:
> On 01/03/2018 06:00 PM, Christian Ehrhardt wrote:
>> Based on a discussion in [1] I found that the AppArmor security
>> module lacked some callbacks. Implementing those not only fixes
>> the issue I had before but will also cover a few more cases I
>> didn't even run into so far.
>>
>> [1]: https://www.redhat.com/archives/libvir-list/2017-December/msg00726.html
>>
>> Christian Ehrhardt (4):
>> security, apparmor: implement domainSetPathLabel
>> security: full path option for DomainSetPathLabel
>> security, apparmor: add (Set|Restore)ChardevLabel
>> apparmor, virt-aa-helper: drop static channel rule
>>
>> src/qemu/qemu_domain.c | 2 +-
>> src/qemu/qemu_process.c | 4 +-
>> src/security/security_apparmor.c | 96 ++++++++++++++++++++++++++++++++++++++++
>> src/security/security_dac.c | 3 +-
>> src/security/security_driver.h | 3 +-
>> src/security/security_manager.c | 5 ++-
>> src/security/security_manager.h | 3 +-
>> src/security/security_selinux.c | 3 +-
>> src/security/security_stack.c | 5 ++-
>> src/security/virt-aa-helper.c | 2 -
>> 10 files changed, 113 insertions(+), 13 deletions(-)
>>
>
> Looking good, but I've raised some small nits. Can you take a look and
> possibly reply or send v2 directly?
Thanks for checking both feedbacks look good, I work on a V2 to be sent soon.
If there is anything else than me implementing them I'll reply there,
but from reading them once I think I'm ok with all suggested changes.
More information about the libvir-list
mailing list