Re: [libvirt] [PATCH] 8/10 AppArmor driver updates



On Mon, 2010-04-05 at 16:15 -0500, Jamie Strandboge wrote:

> 8_apparmor-fix-xauth.patch: adjust virt-aa-helper to handle SDL
> graphics, specifically Xauthority[6]. Also remove a couple redundant
> checks

-- 
Jamie Strandboge             | http://www.canonical.com
Author: Jamie Strandboge <jamie canonical com>
Description: adjust virt-aa-helper to handle SDL graphics, specifically
 Xauthority. Also remove a couple redundant checks.
Bug-Ubuntu: https://launchpad.net/bugs/545426

diff -Naur libvirt.orig/src/security/virt-aa-helper.c libvirt/src/security/virt-aa-helper.c
--- libvirt.orig/src/security/virt-aa-helper.c	2010-04-05 15:04:53.000000000 -0500
+++ libvirt/src/security/virt-aa-helper.c	2010-04-05 15:46:40.000000000 -0500
@@ -775,7 +775,7 @@
 
     virBufferVSprintf(buf, "  \"%s\" %s,\n", tmp, perms);
     if (readonly) {
-        virBufferVSprintf(buf, "  # don't audit writes to readonly media\n");
+        virBufferVSprintf(buf, "  # don't audit writes to readonly files\n");
         virBufferVSprintf(buf, "  deny \"%s\" w,\n", tmp);
     }
 
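Review bot: the rewording from "readonly media" to "readonly files" in the generated profile comment is not covered by the Description, which mentions only the Xauthority handling and the redundant checks. If the reason is that this deny rule is now emitted for files that are not disk media, add a line to the commit message saying so.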
@@ -872,11 +872,11 @@
         if (vah_add_file(&buf, ctl->def->console->data.file.path, "w") != 0)
             goto clean;
 
-    if (ctl->def->os.kernel && ctl->def->os.kernel)
+    if (ctl->def->os.kernel)
         if (vah_add_file(&buf, ctl->def->os.kernel, "r") != 0)
             goto clean;
 
-    if (ctl->def->os.initrd && ctl->def->os.initrd)
+    if (ctl->def->os.initrd)
         if (vah_add_file(&buf, ctl->def->os.initrd, "r") != 0)
             goto clean;
 
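Review bot: style point on the two simplified conditions for os.kernel and os.initrd: each is still an unbraced `if` wrapping a second unbraced `if` whose body is `goto clean`. Bracing the outer `if`, or folding both tests into one condition such as `if (ctl->def->os.kernel && vah_add_file(&buf, ctl->def->os.kernel, "r") != 0)`, would make it harder for a later edit to attach a statement to the wrong branch. Removing the duplicated operand itself looks correct.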
@@ -884,6 +884,12 @@
         if (vah_add_file(&buf, ctl->def->os.loader, "r") != 0)
             goto clean;
 
+    if (ctl->def->ngraphics == 1 &&
+        ctl->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL)
+        if (vah_add_file(&buf, ctl->def->graphics[0]->data.sdl.xauth,
+                         "r") != 0)
+            goto clean;
+
     for (i = 0; i < ctl->def->nhostdevs; i++)
         if (ctl->def->hostdevs[i]) {
             virDomainHostdevDefPtr dev = ctl->def->hostdevs[i];
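Review bot: the new SDL block passes `ctl->def->graphics[0]->data.sdl.xauth` to vah_add_file() without testing it for NULL, whereas the os.kernel and os.initrd calls in the previous hunk are both guarded by a pointer check. If xauth can be unset for an SDL display, add `&& ctl->def->graphics[0]->data.sdl.xauth` to the condition. The `ngraphics == 1` test also means a domain with more than one graphics entry gets no Xauthority rule even when one of the entries is SDL; iterating over all `ngraphics` entries, as the hostdevs loop just below does for `nhostdevs`, would cover that case, or the commit message should say why only a single display is handled.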
