virt-aa-helper: add NVRAM store file for read/write

This is a cryptographically signed message in MIME format.

Some UEFI firmwares may want to use a non-volatile memory to store some
variables.
If AppArmor is enabled, and NVRAM store file is set currently
virt-aa-helper does
not add the NVRAM store file to the template. Add this file for
read/write when
this functionality is defined in domain XML.

Signed-off-by: Peter Kieser <peter@kieser.ca>

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index f163fe777cbf61b828c1da47ed86aa5e8d831fba..a78c4c8db639d46f5de7441056a0c2bc6ec705f4 100644 (file)
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1057,6 +1057,10 @@ get_files(vahControl * ctl)
         if (vah_add_file(&buf, ctl->def->os.loader->path, "r") != 0)
             goto cleanup;
 
+    if (ctl->def->os.loader && ctl->def->os.loader->nvram)
+        if (vah_add_file(&buf, ctl->def->os.loader->nvram, "rw") != 0)
+            goto cleanup;
+
     for (i = 0; i < ctl->def->ngraphics; i++) {
         if (ctl->def->graphics[i]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
             ctl->def->graphics[i]->data.vnc.socket &&