36 lines
1.4 KiB
Diff
36 lines
1.4 KiB
Diff
|
From 91fdcefa7f145c1c39acc8e9a44fbfbf11568e54 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Peter Kieser <peter@kieser.ca>
|
||
|
|
Date: Thu, 20 Aug 2015 10:58:59 -0700
|
||
|
|
Subject: [PATCH 4/4] virt-aa-helper: add NVRAM store file for read/write
|
||
|
|
|
||
|
|
This is a cryptographically signed message in MIME format.
|
||
|
|
|
||
|
|
Some UEFI firmwares may want to use a non-volatile memory to store some
|
||
|
|
variables.
|
||
|
|
If AppArmor is enabled, and NVRAM store file is set currently
|
||
|
|
virt-aa-helper does
|
||
|
|
not add the NVRAM store file to the template. Add this file for
|
||
|
|
read/write when
|
||
|
|
this functionality is defined in domain XML.
|
||
|
|
|
||
|
|
Signed-off-by: Peter Kieser <peter@kieser.ca>
|
||
|
|
---
|
||
|
|
src/security/virt-aa-helper.c | 4 ++++
|
||
|
|
1 file changed, 4 insertions(+)
|
||
|
|
|
||
|
|
Index: libvirt-1.2.18/src/security/virt-aa-helper.c
|
||
|
|
===================================================================
|
||
|
|
--- libvirt-1.2.18.orig/src/security/virt-aa-helper.c
|
||
|
|
+++ libvirt-1.2.18/src/security/virt-aa-helper.c
|
||
|
|
@@ -1057,6 +1057,10 @@ get_files(vahControl * ctl)
|
||
|
|
if (vah_add_file(&buf, ctl->def->os.loader->path, "r") != 0)
|
||
|
|
goto cleanup;
|
||
|
|
|
||
|
|
+ if (ctl->def->os.loader && ctl->def->os.loader->nvram)
|
||
|
|
+ if (vah_add_file(&buf, ctl->def->os.loader->nvram, "rw") != 0)
|
||
|
|
+ goto cleanup;
|
||
|
|
+
|
||
|
|
for (i = 0; i < ctl->def->ngraphics; i++) {
|
||
|
|
if (ctl->def->graphics[i]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
|
||
|
|
ctl->def->graphics[i]->data.vnc.socket &&
|