[libvirt] [PATCH] security: apparmor: Label externalDataStore

Cole Robinson crobinso at redhat.com
Fri Oct 11 19:14:04 UTC 2019


Teach virt-aa-helper how to label a qcow2 data_file, tracked internally
as externalDataStore. It should be treated the same as its sibling
disk image

Signed-off-by: Cole Robinson <crobinso at redhat.com>
---
Compiled but not runtime tested, I don't have an apparmor setup

 src/security/virt-aa-helper.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 509187ac36..fe6fa12550 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -949,6 +949,10 @@ storage_source_add_files(virStorageSourcePtr src,
         if (add_file_path(tmp, depth, buf) < 0)
             return -1;
 
+        if (src->externalDataStore &&
+            storage_source_add_files(src->externalDataStore, buf, depth) < 0)
+            return -1;
+
         depth++;
     }
 
-- 
2.23.0




More information about the libvir-list mailing list