]> xenbits.xensource.com Git - libvirt.git/commit
projects / libvirt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 87c991d) | patch
virt-aa-helper: resolve yet to be created paths
authorChristian Ehrhardt <christian.ehrhardt@canonical.com>
Thu, 1 Mar 2018 13:58:39 +0000 (14:58 +0100)
committerChristian Ehrhardt <christian.ehrhardt@canonical.com>
Wed, 7 Mar 2018 17:03:36 +0000 (18:03 +0100)
commitb932ed69f6664f42e211bdde84c8ab04e1f19033
tree04a3eebaeaa5cdad369f62e8b3be2d8c2d16f255tree
parent87c991d51eef98525f6f2c6458b0d91a1c8d7b9dcommit | diff
virt-aa-helper: resolve yet to be created paths

In certain cases a xml contains paths that do not yet exist, but
are valid as qemu will create them later on - for example
vhostuser mode=server sockets.

In any such cases so far the check to virFileExists failed and due to
that the paths stayed non-resolved in regard to symlinks.

But for apparmor those non-resolved rules are non functional as they
are evaluated after resolving any symlinks.

Therefore for non-existent files and partially non-existent paths
resolve as much as possible to get valid rules.

Example:
   <interface type='vhostuser'>
       <model type='virtio'/>
       <source type='unix' path='/var/run/symlinknet' mode='server'/>
   </interface>

Got rendered as:
  "/var/run/symlinknet" rw,

But correct with "/var/run" being a symlink to "/run" is:
  "/run/symlinknet" rw,

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Acked-by: Michal Privoznik <mprivozn@redhat.com>
src/security/virt-aa-helper.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.