From: Guido Günther Date: Sat, 2 Apr 2016 10:49:28 +0000 (+0200) Subject: apparmor: QEMU monitor socket moved X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=dfbc9a8382adc0495bf0e034ae6add92bed4822b;p=libvirt.git apparmor: QEMU monitor socket moved The directory name changed in a89f05ba8df095875f5ec8a9065a585af63a010b. This unbreaks launching QEMU/KVM VMs with apparmor enabled. It also adds the directory for the qemu guest-agent socket which is not known when parsing the domain XML. --- diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index a2d7226d76..50d2a08166 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -762,8 +762,8 @@ get_definition(vahControl * ctl, const char *xmlStr) } ctl->def = virDomainDefParseString(xmlStr, - ctl->caps, ctl->xmlopt, - VIR_DOMAIN_DEF_PARSE_INACTIVE); + ctl->caps, ctl->xmlopt, 0); + if (ctl->def == NULL) { vah_error(ctl, 0, _("could not parse XML")); goto exit; @@ -1366,6 +1366,10 @@ main(int argc, char **argv) LOCALSTATEDIR, ctl->def->name); virBufferAsprintf(&buf, " \"%s/lib/libvirt/qemu/domain-%s/monitor.sock\" rw,\n", LOCALSTATEDIR, ctl->def->name); + virBufferAsprintf(&buf, " \"%s/lib/libvirt/qemu/domain-%d-%.*s/*\" rw,\n", + LOCALSTATEDIR, ctl->def->id, 20, ctl->def->name); + virBufferAsprintf(&buf, " \"%s/lib/libvirt/qemu/channel/target/domain-%d-%.*s/*\" rw,\n", + LOCALSTATEDIR, ctl->def->id, 20, ctl->def->name); virBufferAsprintf(&buf, " \"%s/run/libvirt/**/%s.pid\" rwk,\n", LOCALSTATEDIR, ctl->def->name); virBufferAsprintf(&buf, " \"/run/libvirt/**/%s.pid\" rwk,\n",