virt-aa-helper should not fail if profile was removed

Don't exit with error if the user unloaded the profile outside of
 libvirt
* src/security/virt-aa-helper.c: check the exit error from apparmor_parser
  before exiting with a failure
This commit is contained in:
Jamie Strandboge 2010-04-06 16:17:08 +02:00 committed by Daniel Veillard
parent e68792c112
commit ba32e11d41

View File

@ -182,6 +182,8 @@ parserCommand(const char *profile_name, const char cmd)
{ {
char flag[3]; char flag[3];
char profile[PATH_MAX]; char profile[PATH_MAX];
int status;
int ret;
if (strchr("arR", cmd) == NULL) { if (strchr("arR", cmd) == NULL) {
vah_error(NULL, 0, "invalid flag"); vah_error(NULL, 0, "invalid flag");
@ -203,9 +205,17 @@ parserCommand(const char *profile_name, const char cmd)
const char * const argv[] = { const char * const argv[] = {
"/sbin/apparmor_parser", flag, profile, NULL "/sbin/apparmor_parser", flag, profile, NULL
}; };
if (virRun(argv, NULL) != 0) { if ((ret = virRun(argv, &status)) != 0 ||
vah_error(NULL, 0, "failed to run apparmor_parser"); (WIFEXITED(status) && WEXITSTATUS(status) != 0)) {
return -1; if (ret != 0) {
vah_error(NULL, 0, "failed to run apparmor_parser");
return -1;
} else if (cmd == 'R' && WIFEXITED(status) && WEXITSTATUS(status) == 234) {
vah_warning("unable to unload already unloaded profile (non-fatal)");
} else {
vah_error(NULL, 0, "apparmor_parser exited with error");
return -1;
}
} }
} }