[0/7] security: apparmor: prep for qcow2 data_file

Message ID cover.1570551720.git.crobinso@redhat.com

Message

Cole Robinson Oct. 8, 2019, 4:22 p.m.
This series does some preparation cleanup and refactoring to
simplify adding qcow2 data_file support to the apparmor driver.
More info on the qcow2 feature and libvirt work here:
https://www.redhat.com/archives/libvir-list/2019-October/msg00303.html

Cole Robinson (7):
  conf: Move -virDomainDiskDefForeachPath to virt-aa-helper
  security: apparmor: Remove unused ignoreOpenFailure
  security: apparmor: Drop disk_foreach_iterator
  security: apparmor: Pass virStorageSource to add_file_path
  security: apparmor: Push virStorageSource checks to add_file_path
  security: apparmor: Use only virStorageSource for disk paths
  security: apparmor: Make storage_source_add_files recursively callable

 src/conf/domain_conf.c        | 42 ----------------------------------
 src/conf/domain_conf.h        | 10 --------
 src/libvirt_private.syms      |  1 -
 src/security/virt-aa-helper.c | 43 ++++++++++++++++++++++++-----------
 4 files changed, 30 insertions(+), 66 deletions(-)

-- 
2.23.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Comments

Cole Robinson Oct. 8, 2019, 4:28 p.m. | #1
On 10/8/19 12:22 PM, Cole Robinson wrote:
> This series does some preparation cleanup and refactoring to
> simplify adding qcow2 data_file support to the apparmor driver.
> More info on the qcow2 feature and libvirt work here:
> https://www.redhat.com/archives/libvir-list/2019-October/msg00303.html

Should have mentioned here: I found apparmor libs/devel packages for
Fedora, so this is compile tested but not runtime tested. Help with that
appreciated.

virt-aa-helper-test doesn't seem to regress, but it is failing for me on 
master before these patches:

./virt-aa-helper-test
ls: cannot access '/boot/initrd*': No such file or directory
Skipping /boot/initrd* tests. Could not find /boot/initrd*
FAIL: exited with '1'
   OVMF (new path):  '--dryrun -r -u libvirt-00000000-0000-0000-0000-0123456789ab':
FAIL: exited with '1'
   AAVMF:  '--dryrun -r -u libvirt-00000000-0000-0000-0000-0123456789ab':
FAIL: exited with '1'
   AAVMF32:  '--dryrun -r -u libvirt-00000000-0000-0000-0000-0123456789ab':

- Cole

Michal Privoznik Oct. 9, 2019, 2:22 p.m. | #2
On 10/8/19 6:22 PM, Cole Robinson wrote:
> This series does some preparation cleanup and refactoring to
> simplify adding qcow2 data_file support to the apparmor driver.
> More info on the qcow2 feature and libvirt work here:
> https://www.redhat.com/archives/libvir-list/2019-October/msg00303.html
>
> Cole Robinson (7):
>    conf: Move -virDomainDiskDefForeachPath to virt-aa-helper
>    security: apparmor: Remove unused ignoreOpenFailure
>    security: apparmor: Drop disk_foreach_iterator
>    security: apparmor: Pass virStorageSource to add_file_path
>    security: apparmor: Push virStorageSource checks to add_file_path
>    security: apparmor: Use only virStorageSource for disk paths
>    security: apparmor: Make storage_source_add_files recursively callable
>
>   src/conf/domain_conf.c        | 42 ----------------------------------
>   src/conf/domain_conf.h        | 10 --------
>   src/libvirt_private.syms      |  1 -
>   src/security/virt-aa-helper.c | 43 ++++++++++++++++++++++++-----------
>   4 files changed, 30 insertions(+), 66 deletions(-)

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>


Michal
