This commit aims to address the bug reported in [1] and [2].
If the profile is corrupted (0-size), the VM cannot be launched.
To overcome this, check whether the profile exists and, if it has 0 size,
remove it.
[1]
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890084
[2]
https://bugs.launchpad.net/bugs/1927519
Signed-off-by: Ioanna Alifieraki <ioanna-maria.alifieraki(a)canonical.com>
---
src/security/virt-aa-helper.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 7c21ab9515..218e07bfb0 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1437,6 +1437,8 @@ main(int argc, char **argv)
int rc = -1;
char *profile = NULL;
char *include_file = NULL;
+ off_t size;
+ bool purged = 0;
if (virGettextInitialize() < 0 ||
virErrorInitialize() < 0) {
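Review bot: `bool purged = 0;` initialises a bool with an integer while the later assignment in this patch uses `true`; write `bool purged = false;` so both sides read the same. `off_t size` is only used inside the zero-size check, so it could be declared there as `off_t size = virFileLength(profile, -1);` rather than at the top of main. The body of main continues outside this hunk.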
@@ -1484,6 +1486,22 @@ main(int argc, char **argv)
if (ctl->cmd == 'c' && virFileExists(profile))
vah_error(ctl, 1, _("profile exists"));
+ /*
+ * Rare cases can leave corrupted empty files behind breaking
+ * the guest. An empty file is never correct as virt-aa-helper
+ * would at least add the basic rules, therefore clean this up
+ * for a proper refresh.
+ */
+ if (virFileExists(profile)) {
+ size = virFileLength(profile, -1);
+ if (size == 0) {
+ vah_warning(_("Profile of 0 size detected, will attempt to
remove it"));
+ if ((rc = parserRemove(ctl->uuid) != 0))
+ vah_error(ctl, 1, _("could not remove
profile"));
+ unlink(profile);
+ purged = true;
+ }
+ }
if (ctl->append && ctl->newfile) {
if (vah_add_file(&buf, ctl->newfile, "rwk") != 0)
goto cleanup;
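Review bot: In `if ((rc = parserRemove(ctl->uuid) != 0))` the comparison binds before the assignment, so `rc` receives 0 or 1 rather than the return value, and on success it overwrites the initial `rc = -1` that later `goto cleanup` paths (such as the `vah_add_file` failure just below) appear to rely on. If cleanup returns `rc`, a failure after a successful purge could be reported as success to the caller that is about to start the guest; drop the assignment and write `if (parserRemove(ctl->uuid) != 0)`. The result of `unlink(profile)` is also ignored while `purged` is set unconditionally; `if (unlink(profile) < 0 && errno != ENOENT) vah_error(ctl, 1, _("could not remove profile"));` would keep the recreate path from running against a file that is still present. The existence check, the length check and the unlink each resolve the path again, which is presumably acceptable only because the profile directory is writable by root alone, and the comment could say so. The cleanup label and the rest of main are outside this hunk.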
@@ -1523,7 +1541,7 @@ main(int argc, char **argv)
/* create the profile from TEMPLATE */
- if (ctl->cmd == 'c') {
+ if (ctl->cmd == 'c' || purged) {
char *tmp = NULL;
tmp = g_strdup_printf(" #include <libvirt/%s.files>\n",
ctl->uuid);
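Review bot: The comment `/* create the profile from TEMPLATE */` no longer matches the condition, because with `|| purged` the block also runs for a command other than 'c' once an empty profile has been removed. Suggest `/* create the profile from TEMPLATE, also after an empty profile was purged above */`. The rest of this block lies outside the hunk, so it is worth confirming that nothing in it assumes `ctl->cmd == 'c'`, for example a check that would fail if the earlier unlink had not actually removed the file.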
--
2.17.1