This patch-series aims to address the bug reported in [1] and [2].
Bug description :
Some times libvirt fails to start a vm with the following error :
libvirt: error : unable to set AppArmor profile
'libvirt-b05b297f-952f-42d6-b04e-f9a13767db54' for '/usr/bin/kvm-spice':
No such file or directory
This happens because file /etc/apparmor.d/libvirt/libvirt-<vm-uuid> has 0 size.
During the vm start-up virt-aa-helper tries to load the profile and because it is 0 it
fails.
When file /etc/apparmor.d/libvirt/libvirt-<vm-uuid> is removed the vm can start
without problems.
To address this issue this patch-series suggests the following.
On the vm start-up check if the profile has 0 size and if this is the case
remove it and create it again.
To do so a new option (-P) is introduced and also create and remove profile
fuctionalities are placed into separate functions.
The first commit moves create and remove functionlites into functinos for later
reuse from different places.
The second commit adds a new option (-P) to remove the profile file.
The thid commit implements the actual fix (check if the profile has 0 size and if
so remove it and create it again).
The fourth patch adds a test for the above fix.
[1]
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1927519
[2]
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890084
Ioanna Alifieraki (4):
virt-aa-helper: Move create and remove profile into separate functions
virt-aa-helper: Add new purge (-P) option
virt-aa-helper: Purge profile if corrupted
virt-aa-helper: test: add test for new option -P
src/security/virt-aa-helper.c | 87 ++++++++++++++++++++++++++---------
tests/meson.build | 1 +
tests/virt-aa-helper-test | 29 ++++++++++++
3 files changed, 96 insertions(+), 21 deletions(-)
--
2.17.1