
Re: [libvirt] [sandbox][PATCH 1/2] AppArmor support



On Tue, Nov 25, 2014 at 02:29:25PM +0100, Cédric Bosdonnat wrote:
Implement construction of apparmor security labels. The choice between
selinux and apparmor model isn't exposed to the user, but guessed
depending on what the host supports.
---
bin/virt-sandbox-service                  | 15 ++++++++-------
libvirt-sandbox/libvirt-sandbox-builder.c | 32 +++++++++++++++++++++++++++++++
2 files changed, 40 insertions(+), 7 deletions(-)

[...]
diff --git a/libvirt-sandbox/libvirt-sandbox-builder.c b/libvirt-sandbox/libvirt-sandbox-builder.c
index 48fc9bc..bcad652 100644
--- a/libvirt-sandbox/libvirt-sandbox-builder.c
+++ b/libvirt-sandbox/libvirt-sandbox-builder.c
@@ -358,6 +358,31 @@ static gboolean gvir_sandbox_builder_construct_security_selinux (GVirSandboxBuil
    return TRUE;
}

+static gboolean gvir_sandbox_builder_construct_security_apparmor(GVirSandboxBuilder *builder,
+                                                                 GVirSandboxConfig *config,
+                                                                 GVirConfigDomain *domain,
+                                                                 GError **error)
+{
+    GVirConfigDomainSeclabel *sec = gvir_config_domain_seclabel_new();
+    const char *label = gvir_sandbox_config_get_security_label(config);
+
+    gvir_config_domain_seclabel_set_model(sec, "apparmor");
+    if (gvir_sandbox_config_get_security_dynamic(config)) {
+        gvir_config_domain_seclabel_set_type(sec,
+                                             GVIR_CONFIG_DOMAIN_SECLABEL_DYNAMIC);
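
Review bot: In the dynamic branch (`if (gvir_sandbox_config_get_security_dynamic(config))`), `label` has already been read from the config, but the lines quoted here only set the seclabel type, so a label supplied together with dynamic mode appears to be dropped without any indication. If ignoring it is intended for AppArmor, a short comment in this branch saying so would help; otherwise the label should be applied or the combination rejected through `error`. The new function also has no comment above it, and since the commit message says the model is guessed from the host rather than chosen by the user, a line documenting when this path is taken instead of `gvir_sandbox_builder_construct_security_selinux` would make the resulting confinement easier to reason about.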

There probably isn't something like a 'baselabel' in apparmor, right?
Because that could be set if there is a label in the config.

Anyway, ACK,

Martin
