AppArmor handling of accesses to readonly files

Fixes https://launchpad.net/bugs/453335

* src/security/virt-aa-helper.c: suppress confusing and misleading
  apparmor denied message when kvm/qemu tries to open a libvirt specified
  readonly file (such as a cdrom) with write permissions. libvirt uses
  the readonly attribute for the security driver only, and has no way
  of telling kvm/qemu that the device should be opened readonly
This commit is contained in:
Jamie Strandboge 2009-11-13 15:25:30 +01:00 committed by Daniel Veillard
parent dae7054b76
commit d0d4b8ad76

@ -755,6 +755,10 @@ vah_add_file(virBufferPtr buf, const char *path, const char *perms)
}
virBufferVSprintf(buf, " \"%s\" %s,\n", tmp, perms);
if (readonly) {
virBufferVSprintf(buf, " # don't audit writes to readonly media\n");
virBufferVSprintf(buf, " deny \"%s\" w,\n", tmp);
}
clean:
free(tmp);
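
Review bot: the `deny "%s" w,` rule added in the `if (readonly)` branch takes precedence over any allow rule for the same path in the generated profile, and AppArmor does not log deny-rule matches by default. If `vah_add_file()` is ever called for the same path with write permission (for example, the same image attached both readonly and read-write), the write will be refused with no audit record to explain it. The hunk does not show how `readonly` is set, so please confirm it is derived from `perms` lacking `w`, and say in the emitted comment that the deny rule both blocks and silences writes, not just "don't audit". Minor style point: the comment line passes a literal with no format arguments to `virBufferVSprintf`; `virBufferAddLit` would fit better there.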