External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-07 17:28:15 +00:00
Code

security, apparmor: implement domainSetPathLabel

Browse Source 
This came up in discussions around huge pages, but it will cover
more per guest paths that should be added to the guests apparmor profile:
 - keys via qemuDomainWriteMasterKeyFile
 - per domain dirs via qemuProcessMakeDir
 - memory backing paths via qemuProcessBuildDestroyMemoryPathsImpl

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
This commit is contained in:
Christian Ehrhardt 2018-01-09 16:04:02 +01:00 committed by Michal Privoznik
parent 5924977870
commit f436a78239
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/security/security_apparmor.c
View File

@ -953,6 +953,13 @@ AppArmorSetSavedStateLabel(virSecurityManagerPtr mgr,
return reload_profile(mgr, def, savefile, true); return reload_profile(mgr, def, savefile, true);
} }
static int
AppArmorSetPathLabel(virSecurityManagerPtr mgr,
virDomainDefPtr def,
const char *path)
{
return reload_profile(mgr, def, path, true);
}
static int static int
AppArmorRestoreSavedStateLabel(virSecurityManagerPtr mgr, AppArmorRestoreSavedStateLabel(virSecurityManagerPtr mgr,
@ -1045,6 +1052,8 @@ virSecurityDriver virAppArmorSecurityDriver = {
.domainSetSavedStateLabel = AppArmorSetSavedStateLabel, .domainSetSavedStateLabel = AppArmorSetSavedStateLabel,
.domainRestoreSavedStateLabel = AppArmorRestoreSavedStateLabel, .domainRestoreSavedStateLabel = AppArmorRestoreSavedStateLabel,
.domainSetPathLabel = AppArmorSetPathLabel,
.domainSetSecurityImageFDLabel = AppArmorSetFDLabel, .domainSetSecurityImageFDLabel = AppArmorSetFDLabel,
.domainSetSecurityTapFDLabel = AppArmorSetFDLabel, .domainSetSecurityTapFDLabel = AppArmorSetFDLabel,