rpm/libvirt
SHA256
1
0
Fork 0
forked from pool/libvirt
Code Pull Requests Activity

Accepting request 558919 from home:cbosdonnat:branches:Virtualization

Browse Source 
- Enhance apparmor rules for virt-aa-helper (bsc#1070916)
  0f33025a-virt-aa-helper-handle-more-disk-images.patch

OBS-URL: https://build.opensuse.org/request/show/558919
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=653
This commit is contained in:
Cédric Bosdonnat 2017-12-20 19:41:21 +00:00 committed by Git OBS Bridge
parent 690cef5c1e
commit 21a15fa2f7
3 changed files with 21 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
0001-virt-aa-helper-handle-more-disk-images.patch → 0f33025a-virt-aa-helper-handle-more-disk-images.patch
View File

@ -1,4 +1,4 @@
From 4fafa4c0b150c011ae905dfebcb7b42d20d8390b Mon Sep 17 00:00:00 2001 From 0f33025a43788f7f3483dfac6ab0b9f79c0d7957 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com> From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Mon, 11 Dec 2017 11:09:31 +0100 Date: Mon, 11 Dec 2017 11:09:31 +0100
Subject: [PATCH] virt-aa-helper: handle more disk images Subject: [PATCH] virt-aa-helper: handle more disk images
@ -14,12 +14,12 @@ This commit also adds rules to allow reading files named:
- *.raw as this is a rather common disk image extension - *.raw as this is a rather common disk image extension
- /run/libvirt/**[vd]d[a-z] as these are used by virt-sandbox - /run/libvirt/**[vd]d[a-z] as these are used by virt-sandbox
--- ---
examples/Makefile.am | 23 +++++++++++++++++++++-- examples/Makefile.am | 24 ++++++++++++++++++++++--
examples/apparmor/usr.lib.libvirt.virt-aa-helper | 4 ++++ examples/apparmor/usr.lib.libvirt.virt-aa-helper | 5 +++++
2 files changed, 25 insertions(+), 2 deletions(-) 2 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/examples/Makefile.am b/examples/Makefile.am diff --git a/examples/Makefile.am b/examples/Makefile.am
index ef2f79db3..eca3506b0 100644 index ef2f79db3..7069d74e7 100644
--- a/examples/Makefile.am --- a/examples/Makefile.am
+++ b/examples/Makefile.am +++ b/examples/Makefile.am
@@ -67,6 +67,9 @@ admin_client_info_SOURCES = admin/client_info.c @@ -67,6 +67,9 @@ admin_client_info_SOURCES = admin/client_info.c
@ -32,7 +32,7 @@ index ef2f79db3..eca3506b0 100644
if WITH_APPARMOR_PROFILES if WITH_APPARMOR_PROFILES
apparmordir = $(sysconfdir)/apparmor.d/ apparmordir = $(sysconfdir)/apparmor.d/
apparmor_DATA = \ apparmor_DATA = \
@@ -85,20 +88,36 @@ templates_DATA = \ @@ -85,20 +88,37 @@ templates_DATA = \
apparmor/TEMPLATE.qemu \ apparmor/TEMPLATE.qemu \
apparmor/TEMPLATE.lxc \ apparmor/TEMPLATE.lxc \
$(NULL) $(NULL)
@ -40,7 +40,8 @@ index ef2f79db3..eca3506b0 100644
+APPARMOR_LOCAL_DIR = "$(DESTDIR)$(apparmordir)/local" +APPARMOR_LOCAL_DIR = "$(DESTDIR)$(apparmordir)/local"
+install-apparmor-local: +install-apparmor-local:
+ $(MKDIR_P) "$(APPARMOR_LOCAL_DIR)" + $(MKDIR_P) "$(APPARMOR_LOCAL_DIR)"
+ echo "# Site-specific additions and overrides for 'usr.lib.libvirt.virt-aa-helper'" \ + echo "# Site-specific additions and overrides for \
+ 'usr.lib.libvirt.virt-aa-helper'" \
+ >$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper + >$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper
+ +
+INSTALL_DATA_LOCAL += install-apparmor-local +INSTALL_DATA_LOCAL += install-apparmor-local
@ -72,18 +73,10 @@ index ef2f79db3..eca3506b0 100644
+ +
+uninstall-local: $(UNINSTALL_LOCAL) +uninstall-local: $(UNINSTALL_LOCAL)
diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
index bd6181d00..f3069d369 100644 index bd6181d00..9c822b644 100644
--- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper --- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper +++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
@@ -3,6 +3,7 @@ @@ -50,11 +50,16 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
#include <abstractions/base>
+ #include <local/usr.lib.libvirt.virt-aa-helper>
# needed for searching directories
capability dac_override,
@@ -50,8 +51,11 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
/var/lib/libvirt/images/ r, /var/lib/libvirt/images/ r,
/var/lib/libvirt/images/** r, /var/lib/libvirt/images/** r,
/{media,mnt,opt,srv}/** r, /{media,mnt,opt,srv}/** r,
@ -95,6 +88,11 @@ index bd6181d00..f3069d369 100644
/**.qcow{,2} r, /**.qcow{,2} r,
/**.qed r, /**.qed r,
/**.vmdk r, /**.vmdk r,
/**.[iI][sS][oO] r,
/**/disk{,.*} r,
+
+ #include <local/usr.lib.libvirt.virt-aa-helper>
}
-- --
2.15.1 2.15.1

2
libvirt.changes
View File

@ -6,6 +6,8 @@ Wed Dec 20 16:58:50 UTC 2017 - cbosdonnat@suse.com
daemon-close-crasher.patch daemon-close-crasher.patch
- Set a hostname on lxc containers based on guest's name. - Set a hostname on lxc containers based on guest's name.
lxc-hostname.patch lxc-hostname.patch
- Enhance apparmor rules for virt-aa-helper (bsc#1070916)
0f33025a-virt-aa-helper-handle-more-disk-images.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Dec 18 17:08:28 UTC 2017 - jfehlig@suse.com Mon Dec 18 17:08:28 UTC 2017 - jfehlig@suse.com

8
libvirt.spec
View File

@ -311,6 +311,7 @@ Source100: %{name}-rpmlintrc
Patch0: 2d07f1f0-fix-storage-crash.patch Patch0: 2d07f1f0-fix-storage-crash.patch
Patch1: 69ed99c7-dom0-persistent.patch Patch1: 69ed99c7-dom0-persistent.patch
Patch2: 8599aedd-libvirt-guests-dom0-filter.patch Patch2: 8599aedd-libvirt-guests-dom0-filter.patch
Patch3: 0f33025a-virt-aa-helper-handle-more-disk-images.patch
# Patches pending upstream review # Patches pending upstream review
Patch100: libxl-dom-reset.patch Patch100: libxl-dom-reset.patch
Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch
@ -321,9 +322,8 @@ Patch152: libvirt-power8-models.patch
Patch153: ppc64le-canonical-name.patch Patch153: ppc64le-canonical-name.patch
Patch154: libxl-set-migration-constraints.patch Patch154: libxl-set-migration-constraints.patch
Patch155: libxl-set-cach-mode.patch Patch155: libxl-set-cach-mode.patch
Patch156: 0001-virt-aa-helper-handle-more-disk-images.patch Patch156: lxc-hostname.patch
Patch157: lxc-hostname.patch Patch157: daemon-close-crasher.patch
Patch158: daemon-close-crasher.patch
# Our patches # Our patches
Patch200: suse-libvirtd-disable-tls.patch Patch200: suse-libvirtd-disable-tls.patch
Patch201: suse-libvirtd-sysconfig-settings.patch Patch201: suse-libvirtd-sysconfig-settings.patch
@ -892,6 +892,7 @@ libvirt plugin for NSS for translating domain names into IP addresses.
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1
%patch100 -p1 %patch100 -p1
%patch101 -p1 %patch101 -p1
%patch150 -p1 %patch150 -p1
@ -902,7 +903,6 @@ libvirt plugin for NSS for translating domain names into IP addresses.
%patch155 -p1 %patch155 -p1
%patch156 -p1 %patch156 -p1
%patch157 -p1 %patch157 -p1
%patch158 -p1
%patch200 -p1 %patch200 -p1
%patch201 -p1 %patch201 -p1
%patch202 -p1 %patch202 -p1