Quoting Michal Dubiel (md@semihalf.com):
> QEMU working in vhost-user mode communicates with the other end (i.e.
> some virtual router application) via unix domain sockets. This requires
> that permissions for the socket files are correctly written into
> /etc/apparmor.d/libvirt/libvirt-UUID.files.
>
> Signed-off-by: Michal Dubiel <md@semihalf.com>
> ---
> src/security/virt-aa-helper.c | 24 +++++++++++++-----------
> 1 file changed, 13 insertions(+), 11 deletions(-)
>
> diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
> index 35423b5..a097aa6 100644
> --- a/src/security/virt-aa-helper.c
> +++ b/src/security/virt-aa-helper.c
> @@ -592,19 +592,9 @@ valid_path(const char *path, const bool readonly)
>
> if (!virFileExists(path)) {
> vah_warning(_("path does not exist, skipping file type checks"));
> - } else {
> - if (stat(path, &sb) == -1)
> + } else if (stat(path, &sb) == -1)
> return -1;
Hi,
Why keep this bit? sb is not used later in the fn, and you
already know that access(2) didn't return ENOENT.