[libvirt] [PATCH v2 5/5] apparmor: handle "none" type
Cédric Bosdonnat
cbosdonnat at suse.com
Mon Mar 3 10:26:46 UTC 2014
---
src/security/security_apparmor.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 1c1b128..a74a91c 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -417,7 +417,8 @@ AppArmorGenSecurityLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
if (!secdef)
return -1;
- if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
+ if ((secdef->type == VIR_DOMAIN_SECLABEL_STATIC) ||
+ (secdef->type == VIR_DOMAIN_SECLABEL_NONE))
return 0;
if (secdef->baselabel) {
@@ -580,6 +581,9 @@ AppArmorSetSecurityProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
if (!secdef)
return -1;
+ if (secdef->label == NULL)
+ return 0;
+
if ((profile_name = get_profile_name(def)) == NULL)
return rc;
@@ -626,6 +630,9 @@ AppArmorSetSecurityChildProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
if (!secdef)
goto cleanup;
+ if (secdef->label == NULL)
+ return 0;
+
if (STRNEQ(SECURITY_APPARMOR_NAME, secdef->model)) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("security label driver mismatch: "
--
1.8.5.2
More information about the libvir-list
mailing list