Quoting Ján Tomko (jtomko(a)redhat.com):
On Mon, Apr 06, 2015 at 04:12:03PM +0000, Serge Hallyn wrote:
> The original bug report was at
> https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1393842
>
> Signed-off-by: Serge Hallyn <serge.hallyn(a)ubuntu.com>
> ---
> src/security/virt-aa-helper.c | 1 +
> 1 file changed, 1 insertion(+)
>
ACK
Should virt-aa-helper-test be updated too?
I guess so.
More importantly, are there cases in libvirt where there is an abstract
UNIX channel? If so then we'd have to avoid those cases. The current code
will write out an empty string for the file path, which probably will result
in a corrupt policy.
Jan
> diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
> index e53779e..8ec95c1 100644
> --- a/src/security/virt-aa-helper.c
> +++ b/src/security/virt-aa-helper.c
> @@ -998,6 +998,7 @@ get_files(vahControl * ctl)
> (ctl->def->channels[i]->source.type == VIR_DOMAIN_CHR_TYPE_PTY
||
> ctl->def->channels[i]->source.type == VIR_DOMAIN_CHR_TYPE_DEV
||
> ctl->def->channels[i]->source.type ==
VIR_DOMAIN_CHR_TYPE_FILE ||
> + ctl->def->channels[i]->source.type ==
VIR_DOMAIN_CHR_TYPE_UNIX ||
> ctl->def->channels[i]->source.type ==
VIR_DOMAIN_CHR_TYPE_PIPE) &&
> ctl->def->channels[i]->source.data.file.path)
> if (vah_add_file_chardev(&buf,
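Review bot: The guard on the last line of the condition, `ctl->def->channels[i]->source.data.file.path`, only tests that the pointer is non-NULL, so once VIR_DOMAIN_CHR_TYPE_UNIX is admitted a UNIX channel whose path is an empty string still reaches vah_add_file_chardev and gets a rule with an empty file path written into the profile. Consider also requiring the first character of the path to be non-NUL before calling vah_add_file_chardev, or skipping UNIX channels that have no filesystem path. It is also worth confirming that `source.data.file.path` is the member actually populated for a UNIX-type source rather than relying on the existing file/pipe accessor, and adding a UNIX channel case to virt-aa-helper-test so the generated rule is checked.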
> --
> 2.1.4
>
> --
> libvir-list mailing list
> libvir-list(a)redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list