From 15cad6577f62f39126cc6759f684c44e7543d27c Mon Sep 17 00:00:00 2001
From: Peter Krempa
Date: Mon, 23 Jun 2014 17:19:25 +0200
Subject: [PATCH] security: AppArmor: Implement per-image seclabel restore
Refactor the existing code to allow re-using it for the per-image label restore too.
---
 src/security/security_apparmor.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index b4cbc6141c..391bf60fcc 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -683,15 +683,23 @@ AppArmorClearSecuritySocketLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
 /* Called when hotplugging */
+static int
+AppArmorRestoreSecurityImageLabel(virSecurityManagerPtr mgr,
+ virDomainDefPtr def,
+ virStorageSourcePtr src)
+{
+ if (!virStorageSourceIsLocalStorage(src))
+ return 0;
+
+ return reload_profile(mgr, def, NULL, false);
+}
+
 static int
 AppArmorRestoreSecurityDiskLabel(virSecurityManagerPtr mgr,
 virDomainDefPtr def,
 virDomainDiskDefPtr disk)
 {
- if (virDomainDiskGetType(disk) == VIR_STORAGE_TYPE_NETWORK)
- return 0;
-
- return reload_profile(mgr, def, NULL, false);
+ return AppArmorRestoreSecurityImageLabel(mgr, def, disk->src);
 }
 /* Called when hotplugging */
@@ -975,6 +983,8 @@ virSecurityDriver virAppArmorSecurityDriver = {
 .domainSetSecurityDiskLabel = AppArmorSetSecurityDiskLabel,
 .domainRestoreSecurityDiskLabel = AppArmorRestoreSecurityDiskLabel,
+ .domainRestoreSecurityImageLabel = AppArmorRestoreSecurityImageLabel,
+
 .domainSetSecurityDaemonSocketLabel = AppArmorSetSecurityDaemonSocketLabel,
 .domainSetSecuritySocketLabel = AppArmorSetSecuritySocketLabel,
 .domainClearSecuritySocketLabel = AppArmorClearSecuritySocketLabel,
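Review bot: In the new `AppArmorRestoreSecurityImageLabel`, `src` is used only for the locality check, and `reload_profile(mgr, def, NULL, false)` then appears to regenerate the profile from `def` as a whole (inferred; `reload_profile` is defined outside the hunk), so the restore revokes access to the image only if `def` no longer references it when the callback runs. The early-return test also changed from `virDomainDiskGetType(disk) == VIR_STORAGE_TYPE_NETWORK` to `!virStorageSourceIsLocalStorage(src)`, which may skip the reload for non-network source types that the old disk path still handled, although the commit message describes a pure refactor; a skipped reload would leave the confined process with the old path rules. I would document both on the new function, for example `/* Reloads the whole profile from def; src only decides whether a reload is needed, so callers must drop src from def first. */`. The existing `/* Called when hotplugging */` comment now precedes the new helper rather than `AppArmorRestoreSecurityDiskLabel`, so it should be repeated or moved to keep the disk callback documented.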