libvirt/411cdaf8-apparmor-check-profile-name.patch
James Fehlig 6db7ff9129 Accepting request 684801 from home:jfehlig:branches:Virtualization
- hook: encode incoming XML to UTF-8 before passing to lxml etree
  fromstring method
  Modified suse-qemu-domain-hook.py
  boo#1123642

- libxl: change autoballooning default to disabled
  suse-libxl-disable-autoballoon.patch
  jsc#SLE-3059

- conf: add new 'xenbus' controller type
  09eb1ae0-conf-add-xenbus-controller.patch
- libxl: support Xen's max_grant_frames setting with maxGrantFrames
  attribute on the xenbus controller
  fb059757-libxl-add-xenbus-controller.patch,
  ec5a1191-libxl-support-max-grant-frames.patch,
  5a64c202-xenconfig-support-max-grant-frames.patch
  bsc#1126325

- Replace patches with upstream variants
  Old:
  0001-apparmor-Check-libvirtd-profile-status-by-name.patch,
  0001-qemu-Fix-query-cpus-fast-target-architecture-detecti.patch
  New:
  411cdaf8-apparmor-check-profile-name.patch,
  696239ba-qemu-fix-query-cpus-fast.patch

OBS-URL: https://build.opensuse.org/request/show/684801
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=740
2019-03-13 23:35:01 +00:00


commit 411cdaf884f35b8dac2be17fcc24e052e11b7d60
Author: Jim Fehlig <jfehlig@suse.com>
Date: Fri Mar 1 14:34:17 2019 -0700
apparmor: Check libvirtd profile status by name

Commit a3ab6d42 changed the libvirtd profile to a named profile,
breaking the apparmor driver's ability to detect if the profile is
active. When the apparmor driver loads it checks the status of the
libvirtd profile using the full binary path, which fails since the
profile is now referenced by name. If the apparmor driver is
explicitly requested in /etc/libvirt/qemu.conf, then libvirtd fails
to load too.

Instead of only checking the profile status by full binary path,
also check by profile name. The full path check is retained in case
users have a customized libvirtd profile with full path.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Acked-by: Jamie Strandboge <jamie@canonical.com>
Index: libvirt-5.1.0/src/security/security_apparmor.c
===================================================================
--- libvirt-5.1.0.orig/src/security/security_apparmor.c
+++ libvirt-5.1.0/src/security/security_apparmor.c
@@ -257,10 +257,16 @@ use_apparmor(void)
if (access(APPARMOR_PROFILES_PATH, R_OK) != 0)
goto cleanup;
+ /* First check profile status using full binary path. If that fails
+ * check using profile name.
+ */
rc = profile_status(libvirt_daemon, 1);
- /* Error or unconfined should all result in -1*/
- if (rc < 0)
- rc = -1;
+ if (rc < 0) {
+ rc = profile_status("libvirtd", 1);
+ /* Error or unconfined should all result in -1*/
+ if (rc < 0)
+ rc = -1;
+ }
cleanup:
VIR_FREE(libvirt_daemon);
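
Review bot: the fallback at `rc = profile_status("libvirtd", 1);` hard-codes the profile name as a string literal, so the detection will silently stop matching if the profile is renamed again, which is the same kind of breakage the commit message attributes to a3ab6d42. A named constant kept alongside APPARMOR_PROFILES_PATH would make that dependency visible, and the new comment could state why the full-path check is kept (customized profiles that still use the full path), since that reasoning currently lives only in the commit message. Note also that the retry runs on any negative return from the first call, so a lookup error and an unconfined result both trigger the by-name check and are then collapsed to -1; if an error on the first lookup should abort rather than retry, test for it before the second call.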