On 03/01/2013 08:37 AM, Jim Fehlig wrote:
Eric Blake wrote:
On 02/27/2013 04:51 PM, Jim Fehlig wrote:
With the apparmor security driver enabled, qemu instances fail to start
# grep ^security_driver /etc/libvirt/qemu.conf security_driver = "apparmor" # virsh start test-kvm error: Failed to start domain test-kvm error: internal error security label already defined for VM
The model field of virSecurityLabelDef object is always populated by virDomainDefGetSecurityLabelDef(), so remove the check for a NULL model when verifying if a label is already defined for the instance.
Checking for a NULL model and populating it later in AppArmorGenSecurityLabel() has been left in the code to be consistent with virSecuritySELinuxGenSecurityLabel(). --- src/security/security_apparmor.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)
ACK; and safe for 1.0.3.
Thanks, pushed now.
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Hi Jim In selinux, libvirt added a label for tapfd. Do you think this patch makes sense for apparmor? https://www.redhat.com/archives/libvir-list/2012-October/msg01461.html Gunannan