]> xenbits.xensource.com Git - libvirt.git/commitdiff
projects / libvirt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 17825e8)
apparmor: delete profile on VM shutdown
authorGuido Günther <agx@sigxcpu.org>
Mon, 18 Sep 2017 19:23:25 +0000 (21:23 +0200)
committerGuido Günther <agx@sigxcpu.org>
Fri, 22 Sep 2017 10:32:49 +0000 (12:32 +0200)
instead of only unloading it. This makes sure old profiles don't pile up
in /etc/apparmor.d/libvirt and we get updates to modified templates on
VM restart.

Reviewed-by: Jim Fehlig <jfehlig@suse.com>
src/security/security_apparmor.c patch | blob | blame | history

diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 5afe0c5c8573bd96dd67d3e005a1fa38eee3ff74..1db94c632f5d0feccf2992095cd3c003661ead0f 100644 (file)
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -220,7 +220,7 @@ remove_profile(const char *profile)
 {
     int rc = -1;
     const char * const argv[] = {
-        VIRT_AA_HELPER, "-R", "-u", profile, NULL
+        VIRT_AA_HELPER, "-D", "-u", profile, NULL
     };
 
     if (virRun(argv, NULL) == 0)
Unnamed repository; edit this file 'description' to name the repository.