Re: [libvirt] [PATCH] virt-aa-helper: add NVRAM store file for read/write

Hi, On Thu, Aug 20, 2015 at 10:58:59AM -0700, Peter Kieser wrote: > Some UEFI firmwares may want to use a non-volatile memory to store some > variables. > If AppArmor is enabled, and NVRAM store file is set currently virt-aa-helper > does > not add the NVRAM store file to the template. Add this file for read/write > when > this functionality is defined in domain XML. I'm not an export on apparmor things but it makes sense to me. ACK

Cheers, -- Guido > > Signed-off-by: Peter Kieser <peter(a)kieser.ca&gt; > --- > src/security/virt-aa-helper.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c > index 4ce1e7a..2f93172 100644 > --- a/src/security/virt-aa-helper.c > +++ b/src/security/virt-aa-helper.c > @@ -1047,6 +1047,10 @@ get_files(vahControl * ctl) > if (vah_add_file(&buf, ctl->def->os.loader->path, "r") != 0) > goto cleanup; > > + if (ctl->def->os.loader && ctl->def->os.loader->nvram) > + if (vah_add_file(&buf, ctl->def->os.loader->nvram, "rw") != 0) > + goto cleanup; > + > for (i = 0; i < ctl->def->ngraphics; i++) { > if (ctl->def->graphics[i]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC && > ctl->def->graphics[i]->data.vnc.socket && > > > -- > libvir-list mailing list > libvir-list(a)redhat.com > https://www.redhat.com/mailman/listinfo/libvir-list -- libvir-list mailing list libvir-list(a)redhat.com https://www.redhat.com/mailman/listinfo/libvir-list