libvirt/ce4557c3-apparmor-tapfd-label.patch

commit ce4557c3ab3702639db73615dd144ddf036321ed
Author: Guannan Ren <gren@redhat.com>
Date:   Fri Mar 8 00:16:59 2013 +0800

    apparmor: use AppArmorSetFDLabel for both imageFD and tapFD
    
    Rename AppArmorSetImageFDLabel to AppArmorSetFDLabel which could
    be used as a common function for *ALL* fd relabelling in Linux.
    
    In apparmor profile for specific vm with uuid cdbebdfa-1d6d-65c3-be0f-fd74b978a773
    Path: /etc/apparmor.d/libvirt/libvirt-cdbebdfa-1d6d-65c3-be0f-fd74b978a773.files
    The last line is for the tapfd relabelling.
    
     # DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
      "/var/log/libvirt/**/rhel6qcow2.log" w,
      "/var/lib/libvirt/**/rhel6qcow2.monitor" rw,
      "/var/run/libvirt/**/rhel6qcow2.pid" rwk,
      "/run/libvirt/**/rhel6qcow2.pid" rwk,
      "/var/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
      "/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
      "/var/lib/libvirt/images/rhel6u3qcow2.img" rw,
      "/dev/tap45" rw,

Index: libvirt-1.0.3/src/security/security_apparmor.c
===================================================================
--- libvirt-1.0.3.orig/src/security/security_apparmor.c
+++ libvirt-1.0.3/src/security/security_apparmor.c
@@ -884,9 +884,9 @@ AppArmorRestoreSavedStateLabel(virSecuri
 }
 
 static int
-AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,
-                        virDomainDefPtr def,
-                        int fd)
+AppArmorSetFDLabel(virSecurityManagerPtr mgr,
+                   virDomainDefPtr def,
+                   int fd)
 {
     int rc = -1;
     char *proc = NULL;
@@ -915,16 +915,6 @@ AppArmorSetImageFDLabel(virSecurityManag
     return reload_profile(mgr, def, fd_path, true);
 }
 
-/* TODO need code here */
-static int
-AppArmorSetTapFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                      virDomainDefPtr def ATTRIBUTE_UNUSED,
-                      int fd ATTRIBUTE_UNUSED)
-{
-    return 0;
-}
-
-
 static char *
 AppArmorGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                         virDomainDefPtr vm ATTRIBUTE_UNUSED)
@@ -975,8 +965,8 @@ virSecurityDriver virAppArmorSecurityDri
     .domainSetSavedStateLabel           = AppArmorSetSavedStateLabel,
     .domainRestoreSavedStateLabel       = AppArmorRestoreSavedStateLabel,
 
-    .domainSetSecurityImageFDLabel      = AppArmorSetImageFDLabel,
-    .domainSetSecurityTapFDLabel        = AppArmorSetTapFDLabel,
+    .domainSetSecurityImageFDLabel      = AppArmorSetFDLabel,
+    .domainSetSecurityTapFDLabel        = AppArmorSetFDLabel,
 
     .domainGetSecurityMountOptions      = AppArmorGetMountOptions,
 };
- Fix PCI device attach for xen HVM domains fix-pci-attach-xen-driver.patch FATE#313570 - Apparmor security driver: Ensure tapfd's are labled when generating the guest profile. Modified install-apparmor-profiles.patch, added upstream patch ce4557c3-apparmor-tapfd-label.patch bnc#807940 - Grant permission to use datagram packets in libvirtd apparmor profile. Remove AF_PACKET.patch, modify install-apparmor-profiles.patch bnc#801145 - Add 'managed' PCI passthrough support to legacy xen driver support-managed-pci-xen-driver.patch FATE#313570 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=253 2013-03-08 20:47:00 +01:00			`commit ce4557c3ab3702639db73615dd144ddf036321ed`
			`Author: Guannan Ren <gren@redhat.com>`
			`Date: Fri Mar 8 00:16:59 2013 +0800`

			`apparmor: use AppArmorSetFDLabel for both imageFD and tapFD`

			`Rename AppArmorSetImageFDLabel to AppArmorSetFDLabel which could`
			`be used as a common function for ALL fd relabelling in Linux.`

			`In apparmor profile for specific vm with uuid cdbebdfa-1d6d-65c3-be0f-fd74b978a773`
			`Path: /etc/apparmor.d/libvirt/libvirt-cdbebdfa-1d6d-65c3-be0f-fd74b978a773.files`
			`The last line is for the tapfd relabelling.`

			`# DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.`
			`"/var/log/libvirt/**/rhel6qcow2.log" w,`
			`"/var/lib/libvirt/**/rhel6qcow2.monitor" rw,`
			`"/var/run/libvirt/**/rhel6qcow2.pid" rwk,`
			`"/run/libvirt/**/rhel6qcow2.pid" rwk,`
			`"/var/run/libvirt/*/.tunnelmigrate.dest.rhel6qcow2" rw,`
			`"/run/libvirt/*/.tunnelmigrate.dest.rhel6qcow2" rw,`
			`"/var/lib/libvirt/images/rhel6u3qcow2.img" rw,`
			`"/dev/tap45" rw,`

			`Index: libvirt-1.0.3/src/security/security_apparmor.c`
			`===================================================================`
			`--- libvirt-1.0.3.orig/src/security/security_apparmor.c`
			`+++ libvirt-1.0.3/src/security/security_apparmor.c`
			`@@ -884,9 +884,9 @@ AppArmorRestoreSavedStateLabel(virSecuri`
			`}`

			`static int`
			`-AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,`
			`- virDomainDefPtr def,`
			`- int fd)`
			`+AppArmorSetFDLabel(virSecurityManagerPtr mgr,`
			`+ virDomainDefPtr def,`
			`+ int fd)`
			`{`
			`int rc = -1;`
			`char *proc = NULL;`
			`@@ -915,16 +915,6 @@ AppArmorSetImageFDLabel(virSecurityManag`
			`return reload_profile(mgr, def, fd_path, true);`
			`}`

			`-/* TODO need code here */`
			`-static int`
			`-AppArmorSetTapFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,`
			`- virDomainDefPtr def ATTRIBUTE_UNUSED,`
			`- int fd ATTRIBUTE_UNUSED)`
			`-{`
			`- return 0;`
			`-}`
			`-`
			`-`
			`static char *`
			`AppArmorGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,`
			`virDomainDefPtr vm ATTRIBUTE_UNUSED)`
			`@@ -975,8 +965,8 @@ virSecurityDriver virAppArmorSecurityDri`
			`.domainSetSavedStateLabel = AppArmorSetSavedStateLabel,`
			`.domainRestoreSavedStateLabel = AppArmorRestoreSavedStateLabel,`

			`- .domainSetSecurityImageFDLabel = AppArmorSetImageFDLabel,`
			`- .domainSetSecurityTapFDLabel = AppArmorSetTapFDLabel,`
			`+ .domainSetSecurityImageFDLabel = AppArmorSetFDLabel,`
			`+ .domainSetSecurityTapFDLabel = AppArmorSetFDLabel,`

			`.domainGetSecurityMountOptions = AppArmorGetMountOptions,`
			`};`