mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-03-07 17:28:15 +00:00
security, apparmor: implement domainSetPathLabel
This came up in discussions around huge pages, but it will cover more per guest paths that should be added to the guests apparmor profile: - keys via qemuDomainWriteMasterKeyFile - per domain dirs via qemuProcessMakeDir - memory backing paths via qemuProcessBuildDestroyMemoryPathsImpl Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
This commit is contained in:
parent
5924977870
commit
f436a78239
@ -953,6 +953,13 @@ AppArmorSetSavedStateLabel(virSecurityManagerPtr mgr,
|
||||
return reload_profile(mgr, def, savefile, true);
|
||||
}
|
||||
|
||||
static int
|
||||
AppArmorSetPathLabel(virSecurityManagerPtr mgr,
|
||||
virDomainDefPtr def,
|
||||
const char *path)
|
||||
{
|
||||
return reload_profile(mgr, def, path, true);
|
||||
}
|
||||
|
||||
static int
|
||||
AppArmorRestoreSavedStateLabel(virSecurityManagerPtr mgr,
|
||||
@ -1045,6 +1052,8 @@ virSecurityDriver virAppArmorSecurityDriver = {
|
||||
.domainSetSavedStateLabel = AppArmorSetSavedStateLabel,
|
||||
.domainRestoreSavedStateLabel = AppArmorRestoreSavedStateLabel,
|
||||
|
||||
.domainSetPathLabel = AppArmorSetPathLabel,
|
||||
|
||||
.domainSetSecurityImageFDLabel = AppArmorSetFDLabel,
|
||||
.domainSetSecurityTapFDLabel = AppArmorSetFDLabel,
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user