libvirt/c264eea-virt-aa-helper-sandbox.patch

From c264eeaa381a917f01ba74526bf202073358a9dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Thu, 20 Nov 2014 11:32:38 +0100
Subject: [PATCH 2/5] virt-aa-helper: /etc/libvirt-sandbox/services isn't
 restricted

To get virt-sandbox-service working with AppArmor, virt-aa-helper
needs not to choke on path in /etc/libvirt-sandbox/services.
---
 src/security/virt-aa-helper.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 81f9f40..f273e09 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -571,7 +571,8 @@ valid_path(const char *path, const bool readonly)
     };
     /* override the above with these */
     const char * const override[] = {
-        "/sys/devices/pci"	/* for hostdev pci devices */
+        "/sys/devices/pci",	/* for hostdev pci devices */
+        "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */
     };
 
     if (path == NULL) {
-- 
2.1.2
Accepting request 262985 from home:cbosdonnat:branches:Virtualization - Fix potential crasher in virt-aa-helper 2222123-virt-aa-helper-crash.patch - ip link add now needs the 'name' parameter. 433b427-iplink-name.patch - Fixes for virt-sandbox-service to work: - Allow adding virt-sandbox service config to apparmor rules. c264eea-virt-aa-helper-sandbox.patch - fix symlink resolving for containers to start. 72fecf1-lxc-resolve-symlinks.patch - fix unmounting file system if it contains the source to mount. e50457d-lxc-unmount-check.patch - Remove security_driver = "none" in qemu config. This completely disabled all security drivers instead of probing them. - Changed default value of QEMU's security_default_confined to 0 to keep QEMU domains unconfined by default. OBS-URL: https://build.opensuse.org/request/show/262985 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=422 2014-11-25 14:41:55 +01:00			`From c264eeaa381a917f01ba74526bf202073358a9dc Mon Sep 17 00:00:00 2001`
			`From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>`
			`Date: Thu, 20 Nov 2014 11:32:38 +0100`
			`Subject: [PATCH 2/5] virt-aa-helper: /etc/libvirt-sandbox/services isn't`
			`restricted`

			`To get virt-sandbox-service working with AppArmor, virt-aa-helper`
			`needs not to choke on path in /etc/libvirt-sandbox/services.`
			`---`
			`src/security/virt-aa-helper.c \| 3 ++-`
			`1 file changed, 2 insertions(+), 1 deletion(-)`

			`diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c`
			`index 81f9f40..f273e09 100644`
			`--- a/src/security/virt-aa-helper.c`
			`+++ b/src/security/virt-aa-helper.c`
			`@@ -571,7 +571,8 @@ valid_path(const char *path, const bool readonly)`
			`};`
			`/* override the above with these */`
			`const char * const override[] = {`
			`- "/sys/devices/pci" /* for hostdev pci devices */`
			`+ "/sys/devices/pci", /* for hostdev pci devices */`
			`+ "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */`
			`};`

			`if (path == NULL) {`
			`--`
			`2.1.2`