[PATCH 3/4] virt-aa-helper: Purge profile if corrupted
This commit aims to address the bug reported in [1] and [2].
If the profile is corrupted (0-size) the VM cannot be launched.
To overcome this check if the profile exists and if it has 0 size
remove it and create it again.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890084
[2] https://bugs.launchpad.net/bugs/1927519
Signed-off-by: Ioanna Alifieraki <ioanna-maria.alifieraki(a)canonical.com>
---
src/security/virt-aa-helper.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 5ec0fb8807..5e13b29053 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1489,6 +1489,7 @@ main(int argc, char **argv)
int rc = -1;
char *profile = NULL;
char *include_file = NULL;
+ off_t size;
if (virGettextInitialize() < 0 ||
virErrorInitialize() < 0) {
@@ -1534,6 +1535,28 @@ main(int argc, char **argv)
if (ctl->cmd == 'c' && virFileExists(profile))
vah_error(ctl, 1, _("profile exists"));
+ /*
+ * Rare cases can leave corrupted empty files behind breaking
+ * the guest. An empty file is never correct as virt-aa-helper
+ * would at least add the basic rules, therefore clean this up
+ * for a proper refresh.
+ */
+
+ if (virFileExists(profile)) {
+ size = virFileLength(profile, -1);
+ if (size == 0) {
+ char temp;
+ vah_warning(_("Profile of 0 size detected, will attempt to remove
and re-create it"));
+ temp = ctl->cmd;
+ ctl->cmd = 'P';
+ if ((rc = remove_profile(ctl, profile, include_file)) != 0)
+ vah_error(ctl, 1, _("could not remove corrupted
profile"));
+ ctl->cmd = temp;
+ if ((rc = create_profile(ctl, profile, include_file)) != 0)
+ vah_error(ctl, 1, _("could not re-create profile"));
+ }
+ }
+
if (ctl->append && ctl->newfile) {
if (vah_add_file(&buf, ctl->newfile, "rwk") != 0)
goto cleanup;
--
2.17.1