xenbits.xensource.com Git - libvirt.git/commit
add security hook for permitting hugetlbfs access
author Serge Hallyn <serge.hallyn@ubuntu.com>
Tue, 11 Dec 2012 20:20:29 +0000 (20:20 +0000)
committer Eric Blake <eblake@redhat.com>
Tue, 11 Dec 2012 21:27:20 +0000 (14:27 -0700)
commit 88bd1a644bdc12f40b7f5feaaec39ea71c460d79
tree 284263cd8026767f88c298d8999ab50e19dc457c
parent cdf1a372c68bdf8c350e8086ece4e47ddcf63ddd

When a qemu domain is backed by huge pages, apparmor needs to grant the domain
rw access to files under the hugetlbfs mount point.  Add a hook, called in
qemu_process.c, which ends up adding the read-write access through
virt-aa-helper.  Qemu will be creating a randomly named file under the
mountpoint and unlinking it as soon as it has mmap()d it, therefore we
cannot predict the full pathname, but for the same reason it is generally
safe to provide access to $path/**.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

src/libvirt_private.syms
src/qemu/qemu_process.c
src/security/security_driver.h
src/security/security_manager.c
src/security/security_manager.h
src/security/security_stack.c
tests/virt-aa-helper-test
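
The unlink-after-mmap() behaviour the commit message describes, as an added example that is not part of this commit or of libvirt/QEMU code. It assumes an ordinary writable directory (`/tmp`) in place of a hugetlbfs mount, and the function name `map_unlinked_backing` is hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a randomly named file under dir, mmap() it, unlink it, and check
 * that the mapping still works although the name is gone. A path-based
 * policy therefore has no fixed file name to list and can only cover the
 * directory, as in the commit's $path/** rule.
 * Returns 0 if the unlinked mapping is usable, -1 on any failure. */
int map_unlinked_backing(const char *dir, size_t len)
{
    char path[4096];
    struct stat st;
    int rc = -1;

    int n = snprintf(path, sizeof(path), "%s/backing.XXXXXX", dir);
    if (n < 0 || (size_t)n >= sizeof(path))
        return -1;
    int fd = mkstemp(path);              /* name unknown until this call returns */
    if (fd < 0)
        return -1;
    if (ftruncate(fd, (off_t)len) == 0) {
        void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
        if (p != MAP_FAILED) {
            unlink(path);                /* name removed right after mmap() */
            memset(p, 0xA5, len);        /* mapping outlives the name */
            if (stat(path, &st) == -1 && errno == ENOENT &&
                ((unsigned char *)p)[len - 1] == 0xA5)
                rc = 0;
            munmap(p, len);
        }
    }
    unlink(path);                        /* cleanup if mmap() never happened */
    close(fd);
    return rc;
}

int main(void)
{
    /* Constructed input: /tmp stands in for the hugetlbfs mount point. */
    int rc = map_unlinked_backing("/tmp", 4096);
    printf("unlinked mapping usable: %s\n", rc == 0 ? "yes" : "no");
    return rc == 0 ? 0 : 1;
}
```

The confined process needs create and write permission in the directory only for the instant between `mkstemp()` and `unlink()`; after that the file has no name that another process could open by path.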