On 19 June 2015 at 21:30, Serge Hallyn <serge.hallyn@ubuntu.com> wrote:

Quoting Michal Dubiel (md@semihalf.com):
> QEMU working in vhost-user mode communicates with the other end (i.e.
> some virtual router application) via unix domain sockets. This requires
> that permissions for the socket files are correctly written into
> /etc/apparmor.d/libvirt/libvirt-UUID.files.
>
> Signed-off-by: Michal Dubiel <md@semihalf.com>
> ---
> src/security/virt-aa-helper.c | 24 +++++++++++++-----------
> 1 file changed, 13 insertions(+), 11 deletions(-)
>
> diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
> index 35423b5..a097aa6 100644
> --- a/src/security/virt-aa-helper.c
> +++ b/src/security/virt-aa-helper.c
> @@ -592,19 +592,9 @@ valid_path(const char *path, const bool readonly)
>
> if (!virFileExists(path)) {
> vah_warning(_("path does not exist, skipping file type checks"));
> - } else {
> - if (stat(path, &sb) == -1)
> + } else if (stat(path, &sb) == -1)
> return -1;

Hi,

Why keep this bit? sb is not used later in the fn, and you
already know that access(2) didn't return ENOENT.

You are right, it is not needed. Thanks for pointing this out. I will update the patch accordingly.

Regards,

Michal