Re: [PATCH] apparmor: Don't check for existence of templates upfront
On Mon, Sep 16, 2024 at 04:04:40PM GMT, Daniel P. Berrangé wrote:
On Mon, Sep 16, 2024 at 04:55:55PM +0200, Andrea Bolognani wrote:
> static virSecurityDriverStatus
> AppArmorSecurityManagerProbe(const char *virtDriver G_GNUC_UNUSED)
We're passing the virt driver name ("QEMU" or "LXC") in here and
not using
it.....
...rather than delete these, pick the right check to perform based
on 'virtDriver' value.
eg approximately like this
g_autofree char *template_name = g_strdup(virtDriver);
for (i = 0; template_name[i]; i++)
template_name[i] = tolower(template_name[i])
template = g_strdup_printf("%s/TEMPLATE.%s", APPARMOR_DIR
"/libvirt", template_name)
I can give it a shot, but it still seems pointless to check whether
the files are available ahead of time when virt-aa-helper will do
that at the time when they're actually going to be used. What do we
gain by doing that?
--
Andrea Bolognani / Red Hat / Virtualization