On Fri, 2015-08-21 at 11:01 +0200, Guido Günther wrote:
Hi, On Thu, Aug 20, 2015 at 10:58:59AM -0700, Peter Kieser wrote:
Some UEFI firmwares may want to use a non-volatile memory to store some variables. If AppArmor is enabled, and NVRAM store file is set currently virt-aa-helper does not add the NVRAM store file to the template. Add this file for read/write when this functionality is defined in domain XML.
I'm not an export on apparmor things but it makes sense to me. ACK
ACK from me too. Just pushed it. -- Cedric
Cheers, -- Guido
Signed-off-by: Peter Kieser <peter@kieser.ca> --- src/security/virt-aa-helper.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 4ce1e7a..2f93172 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1047,6 +1047,10 @@ get_files(vahControl * ctl) if (vah_add_file(&buf, ctl->def->os.loader->path, "r") != 0) goto cleanup;
+ if (ctl->def->os.loader && ctl->def->os.loader->nvram) + if (vah_add_file(&buf, ctl->def->os.loader->nvram, "rw") != 0) + goto cleanup; + for (i = 0; i < ctl->def->ngraphics; i++) { if (ctl->def->graphics[i]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC && ctl->def->graphics[i]->data.vnc.socket &&
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list