Quoting Cédric Bosdonnat (cbosdonnat(a)suse.com):
---
src/security/virt-aa-helper.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Hi,
I'm acking this anyway bc I think you're right, but I'm trying to
think of a case where this would still be useful. What if we want
to allow only a certain container to have access to its cgroups,
for instance, for nesting containers. Would virt-aa-helper and the
.files be a way this would be done? I suppose we could always re-introduce
this in that case...
Acked-by: Serge E. Hallyn <serge.hallyn(a)ubuntu.com>
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index b5f66f3..d563b98 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1342,7 +1342,8 @@ main(int argc, char **argv)
vah_info(include_file);
vah_info(included_files);
rc = 0;
- } else if ((rc = update_include_file(include_file,
+ } else if (ctl->def->virtType != VIR_DOMAIN_VIRT_LXC &&
+ (rc = update_include_file(include_file,
included_files,
ctl->append)) != 0)
goto cleanup;
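Review bot: In the new `else if` condition, the `ctl->def->virtType != VIR_DOMAIN_VIRT_LXC &&` test short-circuits for LXC domains, so the `rc = update_include_file(...)` assignment never runs and `rc` keeps whatever value it had before this chain. The branch just above sets `rc = 0` explicitly before falling through; the LXC path does not. Please confirm that `rc` is already 0 at this point for LXC, or set it explicitly, so that the helper does not reach `cleanup` with a stale return code. A short comment above the condition saying why the include file is not written for LXC would also help, since that rationale is not visible in the code and the thread already discusses possibly re-introducing it for nested containers.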
--
1.8.4.5
--
libvir-list mailing list
libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list