libvirt/ce4557c3-apparmor-tapfd-label.patch
James Fehlig 6bfebf3884 - Fix PCI device attach for xen HVM domains
fix-pci-attach-xen-driver.patch
  FATE#313570

- Apparmor security driver: Ensure tapfds are labeled when
  generating the guest profile.
  Modified install-apparmor-profiles.patch, added upstream patch
  ce4557c3-apparmor-tapfd-label.patch
  bnc#807940

- Grant permission to use datagram packets in libvirtd apparmor
  profile.
  Remove AF_PACKET.patch, modify install-apparmor-profiles.patch
  bnc#801145

- Add 'managed' PCI passthrough support to legacy xen driver
  support-managed-pci-xen-driver.patch
  FATE#313570

OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=253
2013-03-08 19:47:00 +00:00


commit ce4557c3ab3702639db73615dd144ddf036321ed
Author: Guannan Ren <gren@redhat.com>
Date: Fri Mar 8 00:16:59 2013 +0800
apparmor: use AppArmorSetFDLabel for both imageFD and tapFD
Rename AppArmorSetImageFDLabel to AppArmorSetFDLabel which could
be used as a common function for *ALL* fd relabelling in Linux.
In apparmor profile for specific vm with uuid cdbebdfa-1d6d-65c3-be0f-fd74b978a773
Path: /etc/apparmor.d/libvirt/libvirt-cdbebdfa-1d6d-65c3-be0f-fd74b978a773.files
The last line is for the tapfd relabelling.
# DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
"/var/log/libvirt/**/rhel6qcow2.log" w,
"/var/lib/libvirt/**/rhel6qcow2.monitor" rw,
"/var/run/libvirt/**/rhel6qcow2.pid" rwk,
"/run/libvirt/**/rhel6qcow2.pid" rwk,
"/var/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
"/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
"/var/lib/libvirt/images/rhel6u3qcow2.img" rw,
"/dev/tap45" rw,
Index: libvirt-1.0.3/src/security/security_apparmor.c
===================================================================
--- libvirt-1.0.3.orig/src/security/security_apparmor.c
+++ libvirt-1.0.3/src/security/security_apparmor.c
@@ -884,9 +884,9 @@ AppArmorRestoreSavedStateLabel(virSecuri
}
static int
-AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,
- virDomainDefPtr def,
- int fd)
+AppArmorSetFDLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ int fd)
{
int rc = -1;
char *proc = NULL;
@@ -915,16 +915,6 @@ AppArmorSetImageFDLabel(virSecurityManag
return reload_profile(mgr, def, fd_path, true);
}
-/* TODO need code here */
-static int
-AppArmorSetTapFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
- virDomainDefPtr def ATTRIBUTE_UNUSED,
- int fd ATTRIBUTE_UNUSED)
-{
- return 0;
-}
-
-
static char *
AppArmorGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
virDomainDefPtr vm ATTRIBUTE_UNUSED)
@@ -975,8 +965,8 @@ virSecurityDriver virAppArmorSecurityDri
.domainSetSavedStateLabel = AppArmorSetSavedStateLabel,
.domainRestoreSavedStateLabel = AppArmorRestoreSavedStateLabel,
- .domainSetSecurityImageFDLabel = AppArmorSetImageFDLabel,
- .domainSetSecurityTapFDLabel = AppArmorSetTapFDLabel,
+ .domainSetSecurityImageFDLabel = AppArmorSetFDLabel,
+ .domainSetSecurityTapFDLabel = AppArmorSetFDLabel,
.domainGetSecurityMountOptions = AppArmorGetMountOptions,
};
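Review bot: Pointing `.domainSetSecurityTapFDLabel` at `AppArmorSetFDLabel` grants tap access as a path rule in the guest profile rather than binding it to the descriptor: the function ends in `reload_profile(mgr, def, fd_path, true)`, and the commit message shows the resulting `"/dev/tap45" rw,` line. If a tap fd ever resolves to a shared device node instead of a per-interface one (an assumption, since the path resolution is outside the visible hunks), the rule would open that node to the whole guest, and nothing here shows the rule being removed when the interface is detached. Since the function is now the common entry point for every fd type, I would document that contract above it, for example `/* Resolve fd to its path and append a rule for that path to the domain's profile; used for image and tap fds. */`. The body of AppArmorSetFDLabel lies almost entirely outside the hunks, so this should be checked against the full function.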