pool/libvirt
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
66496e6725
libvirt/91fdcefa-virt-aa-helper-allow-nvram.patch
James Fehlig 8af0df1210 Accepting request 327805 from home:jfehlig:branches:Virtualization 
Add fixes from SLE12 SP1 to Factory libvirt package.

- Replace local libxl patches with upstream variants
  Dropped:
  0003-libxl-fix-ref-counting-of-libxlMigrationDstArgs.patch
  0004-libxl-don-t-attempt-to-resume-domain-when-suspend-fa.patch
  0005-libxl-acquire-a-job-when-receiving-a-migrating-domai.patch
  Added:
  44a54eb0-libxl-fix-refcnt-MigrationDstArgs.patch
  15120b8c-libxl-no-resume-on-suspend-fail.patch
  e80b84a7-libxl-acquire-job-on-migrate.patch
  bsc#936185
- Added another virt-aa-helper upstream patch
  52970dec-virt-aa-helper-improve-valid-path.patch
  lp#1483071
- Added upstream patch to fix libvirt-tck memory balloon test
  failure on Xen
  60acb38-revert-curmem-inactive-dom.patch

- Fix generated apparmor profile to allow access to ovmf and nvram.
  26c5fa3a-virt-aa-helper-missing-doc.patch
  2f01cfdf-virt-aa-helper-allow-ovmf.patch
  91fdcefa-virt-aa-helper-allow-nvram.patch
  d25a5e08-virt-aa-helper-simplify-restriction-logic.patch
  lp#1483071

OBS-URL: https://build.opensuse.org/request/show/327805
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=479
2015-08-28 20:30:35 +00:00

36 lines
1.4 KiB
Diff
Raw Blame History

From 91fdcefa7f145c1c39acc8e9a44fbfbf11568e54 Mon Sep 17 00:00:00 2001
From: Peter Kieser <peter@kieser.ca>
Date: Thu, 20 Aug 2015 10:58:59 -0700
Subject: [PATCH 4/4] virt-aa-helper: add NVRAM store file for read/write
This is a cryptographically signed message in MIME format.
Some UEFI firmwares may want to use a non-volatile memory to store some
variables.
If AppArmor is enabled, and NVRAM store file is set currently
virt-aa-helper does
not add the NVRAM store file to the template. Add this file for
read/write when
this functionality is defined in domain XML.
Signed-off-by: Peter Kieser <peter@kieser.ca>
---
src/security/virt-aa-helper.c | 4 ++++
1 file changed, 4 insertions(+)
Index: libvirt-1.2.18/src/security/virt-aa-helper.c
===================================================================
--- libvirt-1.2.18.orig/src/security/virt-aa-helper.c
+++ libvirt-1.2.18/src/security/virt-aa-helper.c
@@ -1057,6 +1057,10 @@ get_files(vahControl * ctl)
if (vah_add_file(&buf, ctl->def->os.loader->path, "r") != 0)
goto cleanup;
+ if (ctl->def->os.loader && ctl->def->os.loader->nvram)
+ if (vah_add_file(&buf, ctl->def->os.loader->nvram, "rw") != 0)
+ goto cleanup;
+
for (i = 0; i < ctl->def->ngraphics; i++) {
if (ctl->def->graphics[i]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
ctl->def->graphics[i]->data.vnc.socket &&
Reference in New Issue View Git Blame Copy Permalink