[libvirt] [PATCH v2 0/5] Apparmor support for less common devices

Christian Ehrhardt christian.ehrhardt at canonical.com
Wed Mar 21 12:10:49 UTC 2018


So far users added manual rules for most of these uncommon devices,
but recent changes made some of the callbacks mandatory for hotplug
so we should take a shot at implementing them as those callbacks as well
as for the initial start of a guest via virt-aa-helper.

*Updates since v1*
 - (Set|Restore)*Label: remove seclabel check already done in reload_profile
 - virt-aa-helper: check pointers before accessing them
 - add tests for new virt-aa-helper supported xml elements
 - extend tests to check for expected content (new patch in series)

Christian Ehrhardt (5):
  security, apparmor: add (Set|Restore)MemoryLabel
  security, apparmor: add (Set|Restore)InputLabel
  virt-aa-helper: generate rules for passthrough input devices
  virt-aa-helper: generate rules for nvdimm memory
  virt-aa-helper: test: check for expected profile content

 src/security/security_apparmor.c | 88 ++++++++++++++++++++++++++++++++++++++++
 src/security/virt-aa-helper.c    | 16 ++++++++
 tests/virt-aa-helper-test        | 88 ++++++++++++++++++++++++----------------
 3 files changed, 158 insertions(+), 34 deletions(-)

-- 
2.7.4
