mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-25 15:15:25 +00:00
virt-aa-helper should not fail if profile was removed
Don't exit with error if the user unloaded the profile outside of libvirt * src/security/virt-aa-helper.c: check the exit error from apparmor_parser before exiting with a failure
This commit is contained in:
parent
e68792c112
commit
ba32e11d41
@ -182,6 +182,8 @@ parserCommand(const char *profile_name, const char cmd)
|
|||||||
{
|
{
|
||||||
char flag[3];
|
char flag[3];
|
||||||
char profile[PATH_MAX];
|
char profile[PATH_MAX];
|
||||||
|
int status;
|
||||||
|
int ret;
|
||||||
|
|
||||||
if (strchr("arR", cmd) == NULL) {
|
if (strchr("arR", cmd) == NULL) {
|
||||||
vah_error(NULL, 0, "invalid flag");
|
vah_error(NULL, 0, "invalid flag");
|
||||||
@ -203,9 +205,17 @@ parserCommand(const char *profile_name, const char cmd)
|
|||||||
const char * const argv[] = {
|
const char * const argv[] = {
|
||||||
"/sbin/apparmor_parser", flag, profile, NULL
|
"/sbin/apparmor_parser", flag, profile, NULL
|
||||||
};
|
};
|
||||||
if (virRun(argv, NULL) != 0) {
|
if ((ret = virRun(argv, &status)) != 0 ||
|
||||||
|
(WIFEXITED(status) && WEXITSTATUS(status) != 0)) {
|
||||||
|
if (ret != 0) {
|
||||||
vah_error(NULL, 0, "failed to run apparmor_parser");
|
vah_error(NULL, 0, "failed to run apparmor_parser");
|
||||||
return -1;
|
return -1;
|
||||||
|
} else if (cmd == 'R' && WIFEXITED(status) && WEXITSTATUS(status) == 234) {
|
||||||
|
vah_warning("unable to unload already unloaded profile (non-fatal)");
|
||||||
|
} else {
|
||||||
|
vah_error(NULL, 0, "apparmor_parser exited with error");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user