apparmor: implement AppArmorSetFDLabel()

author Jamie Strandboge <jamie@canonical.com>

Mon, 20 Jun 2011 03:53:24 +0000 (11:53 +0800)

committer Daniel Veillard <veillard@redhat.com>

Mon, 20 Jun 2011 03:53:24 +0000 (11:53 +0800)
author Jamie Strandboge <jamie@canonical.com>
Mon, 20 Jun 2011 03:53:24 +0000 (11:53 +0800)
committer Daniel Veillard <veillard@redhat.com>
Mon, 20 Jun 2011 03:53:24 +0000 (11:53 +0800)
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c

index f47ded7c328aed9542b59e39822354e54ff83ac5..4d77643e24c4e8c2b6e67a86d1f475eed6caa390 100644 (file)
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -757,11 +757,31 @@ AppArmorRestoreSavedStateLabel(virSecurityManagerPtr mgr,
  }
  
  static int
-AppArmorSetFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                   virDomainObjPtr vm ATTRIBUTE_UNUSED,
-                   int fd ATTRIBUTE_UNUSED)
+AppArmorSetFDLabel(virSecurityManagerPtr mgr,
+                   virDomainObjPtr vm,
+                   int fd)
  {
-    return 0;
+    int rc = -1;
+    char *proc = NULL;
+    char *fd_path = NULL;
+
+    const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+
+    if (secdef->imagelabel == NULL)
+        return 0;
+
+    if (virAsprintf(&proc, "/proc/self/fd/%d", fd) == -1) {
+        virReportOOMError();
+        return rc;
+    }
+
+    if (virFileResolveLink(proc, &fd_path) < 0) {
+        virSecurityReportError(VIR_ERR_INTERNAL_ERROR,
+                               "%s", _("could not find path for descriptor"));
+        return rc;
+    }
+
+    return reload_profile(mgr, vm, fd_path, true);
  }
  
  virSecurityDriver virAppArmorSecurityDriver = {
author	Jamie Strandboge <jamie@canonical.com>
	Mon, 20 Jun 2011 03:53:24 +0000 (11:53 +0800)
committer	Daniel Veillard <veillard@redhat.com>
	Mon, 20 Jun 2011 03:53:24 +0000 (11:53 +0800)