openkylin
/
libvirt
mirror of https://gitee.com/openkylin/libvirt.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

security, apparmor: implement domainSetPathLabel 

This came up in discussions around huge pages, but it will cover
more per guest paths that should be added to the guests apparmor profile:
 - keys via qemuDomainWriteMasterKeyFile
 - per domain dirs via qemuProcessMakeDir
 - memory backing paths via qemuProcessBuildDestroyMemoryPathsImpl

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
This commit is contained in:
Christian Ehrhardt 2018-01-09 16:04:02 +01:00 committed by Michal Privoznik
parent 5924977870
commit f436a78239
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/security/security_apparmor.c
View File

@ -953,6 +953,13 @@ AppArmorSetSavedStateLabel(virSecurityManagerPtr mgr,
return reload_profile(mgr, def, savefile, true); return reload_profile(mgr, def, savefile, true);
} }
static int
AppArmorSetPathLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *path)
{
return reload_profile(mgr, def, path, true);
}
static int static int
AppArmorRestoreSavedStateLabel(virSecurityManagerPtr mgr, AppArmorRestoreSavedStateLabel(virSecurityManagerPtr mgr,
@ -1045,6 +1052,8 @@ virSecurityDriver virAppArmorSecurityDriver = {
.domainSetSavedStateLabel = AppArmorSetSavedStateLabel, .domainSetSavedStateLabel = AppArmorSetSavedStateLabel,
.domainRestoreSavedStateLabel = AppArmorRestoreSavedStateLabel, .domainRestoreSavedStateLabel = AppArmorRestoreSavedStateLabel,
.domainSetPathLabel = AppArmorSetPathLabel,
.domainSetSecurityImageFDLabel = AppArmorSetFDLabel, .domainSetSecurityImageFDLabel = AppArmorSetFDLabel,
.domainSetSecurityTapFDLabel = AppArmorSetFDLabel, .domainSetSecurityTapFDLabel = AppArmorSetFDLabel,