[libvirt] [PATCH v4 0/5] Apparmor support for less common devices

Christian Ehrhardt christian.ehrhardt at canonical.com
Thu Mar 22 09:11:52 UTC 2018


On Wed, Mar 21, 2018 at 10:22 PM, Christian Ehrhardt <christian.ehrhardt at canonical.com> wrote:

> So far users added manual rules for most of these uncommon devices,
> but recent changes made some of the callbacks mandatory for hotplug
> so we should take a shot at implementing them as those callbacks as well
> as for the initial start of a guest via virt-aa-helper.
>
> *Updates since v1*
>  - Set(Memory|Input)Label: remove seclabel check already done in
> reload_profile
>  - virt-aa-helper: check pointers before accessing them
>  - add tests for new virt-aa-helper supported xml elements
>  - extend tests to check for expected content (new patch in series)
>
> *Updates since v2*
>  - Restore(Memory|Input)Label: drop secdef/relabel check
>  - Set(Memory|Input)Label: check more pointers to be valid before using
> them
>
> *Updates since v3*
>  - added the Acked-by of Jamie Strandboge on patches 1-4
>  - reuse the already existing tmpdir in virt-aa-helper-test for better
> cleanup
>
> Christian Ehrhardt (5):
>   security, apparmor: add (Set|Restore)MemoryLabel
>   security, apparmor: add (Set|Restore)InputLabel
>   virt-aa-helper: generate rules for passthrough input devices
>   virt-aa-helper: generate rules for nvdimm memory
>

Rebased (no change), retested and pushed patches 1-4, which have been up for a
few days and have acks.


>   virt-aa-helper: test: check for expected profile content
>

Keeping this last one up for more review to either push or reiterate on it
after more review.

>  src/security/security_apparmor.c | 94 ++++++++++++++++++++++++++++++++++++++++
>  src/security/virt-aa-helper.c    | 16 +++++++
>  tests/virt-aa-helper-test        | 87 ++++++++++++++++++++++---------------
>  3 files changed, 163 insertions(+), 34 deletions(-)
>
> --
> 2.7.4
>
>


-- 
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd