[PATCH 2/4] virt-aa-helper: Add new purge (-P) option

Ioanna Alifieraki ioanna-maria.alifieraki at canonical.com
Thu Oct 7 17:25:36 UTC 2021


Currently there is no way to remove the profile file.
This commit provides this functionality (required for next commit).

Signed-off-by: Ioanna Alifieraki <ioanna-maria.alifieraki at canonical.com>
---
 src/security/virt-aa-helper.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 269c372704..5ec0fb8807 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -101,6 +101,7 @@ vah_usage(void)
             "    -a | --add                     load profile\n"
             "    -c | --create                  create profile from template\n"
             "    -D | --delete                  unload profile and delete generated rules\n"
+            "    -P | --purge                   purge profile\n"
             "    -r | --replace                 reload profile\n"
             "    -R | --remove                  unload profile\n"
             "  Options:\n"
@@ -1361,13 +1362,14 @@ vahParseArgv(vahControl * ctl, int argc, char **argv)
         {"add-file", 0, 0, 'f'},
         {"append-file", 0, 0, 'F'},
         {"help", 0, 0, 'h'},
+        {"purge", 0, 0, 'P'},
         {"replace", 0, 0, 'r'},
         {"remove", 0, 0, 'R'},
         {"uuid", 1, 0, 'u'},
         {0, 0, 0, 0}
     };
 
-    while ((arg = getopt_long(argc, argv, "acdDhrRH:b:u:p:f:F:", opt,
+    while ((arg = getopt_long(argc, argv, "acdDhPrRH:b:u:p:f:F:", opt,
             &idx)) != -1) {
         switch (arg) {
             case 'a':
@@ -1391,6 +1393,9 @@ vahParseArgv(vahControl * ctl, int argc, char **argv)
                 vah_usage();
                 exit(EXIT_SUCCESS);
                 break;
+            case 'P':
+                ctl->cmd = 'P';
+                break;
             case 'r':
                 ctl->cmd = 'r';
                 break;
@@ -1456,7 +1461,7 @@ static int create_profile(vahControl *ctl, char *profile, char *include_file)
         return rc;
 }
 
-static int remove_profile(vahControl *ctl, char *include_file)
+static int remove_profile(vahControl *ctl, char *profile, char *include_file)
 {
         int rc = 0;
 
@@ -1464,6 +1469,8 @@ static int remove_profile(vahControl *ctl, char *include_file)
                 return rc;
         if (ctl->cmd == 'D')
                 unlink(include_file);
+        if (ctl->cmd == 'P')
+                unlink(profile);
 
         return rc;
 }
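Review bot: The added `unlink(profile);` discards its return value, so remove_profile() still returns 0 when the profile file could not be deleted, and a caller that relies on purge to clear a stale AppArmor profile is told it succeeded. I would propagate the failure, for example `if (ctl->cmd == 'P' && unlink(profile) < 0 && errno != ENOENT)` followed by `rc = -1;`. The existing `unlink(include_file);` on the context line above has the same pattern and could be handled the same way. The function's signature is in the previous hunk, and the condition guarding the first `return rc;` lies outside this one.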
@@ -1519,7 +1526,7 @@ main(int argc, char **argv)
     if (ctl->cmd == 'a') {
         rc = parserLoad(ctl->uuid);
     } else if (ctl->cmd == 'R' || ctl->cmd == 'D') {
-            rc = remove_profile(ctl, include_file);
+            rc = remove_profile(ctl, profile, include_file);
     } else if (ctl->cmd == 'c' || ctl->cmd == 'r') {
         char *included_files = NULL;
         g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
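Review bot: The unchanged dispatch line `} else if (ctl->cmd == 'R' || ctl->cmd == 'D') {` does not test for 'P', so as far as this patch shows, `-P` never reaches remove_profile() and the new `unlink(profile)` branch is unreachable. The condition would need to become `} else if (ctl->cmd == 'R' || ctl->cmd == 'D' || ctl->cmd == 'P') {`, unless a later patch in the series changes it. If nothing else handles 'P', the command would presumably fall through without deleting anything, which is worth confirming, because a silent no-op leaves the profile file on disk. main() starts and ends outside the hunk, so any earlier validation of ctl->cmd that must also accept 'P' is not visible here.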
-- 
2.17.1



