Re: [libvirt] [PATCH 0/4] apparmor: implement more domain callbacks

On 01/03/2018 06:00 PM, Christian Ehrhardt wrote: > Based on a discussion in [1] I found that the AppArmor security > module lacked some callbacks. Implementing those not only fixes > the issue I had before but will also cover a few more cases I > didn't even run into so far. > > [1]: https://www.redhat.com/archives/libvir-list/2017-December/msg00726.html > > Christian Ehrhardt (4): > security, apparmor: implement domainSetPathLabel > security: full path option for DomainSetPathLabel > security, apparmor: add (Set|Restore)ChardevLabel > apparmor, virt-aa-helper: drop static channel rule > > src/qemu/qemu_domain.c | 2 +- > src/qemu/qemu_process.c | 4 +- > src/security/security_apparmor.c | 96 ++++++++++++++++++++++++++++++++++++++++ > src/security/security_dac.c | 3 +- > src/security/security_driver.h | 3 +- > src/security/security_manager.c | 5 ++- > src/security/security_manager.h | 3 +- > src/security/security_selinux.c | 3 +- > src/security/security_stack.c | 5 ++- > src/security/virt-aa-helper.c | 2 - > 10 files changed, 113 insertions(+), 13 deletions(-) > Looking good, but I've raised some small nits. Can you take a look and possibly reply or send v2 directly?