[5/7] security: apparmor: Push virStorageSource checks to add_file_path

Message ID 8392bd203a3b24d7e07a4544c7ddf122abe6a5ec.1570551720.git.crobinso@redhat.com
State Accepted
Commit c7eea3f559340723d5200278105d63eb3c686561
Headers show
Series
  • security: apparmor: prep for qcow2 data_file
Related show

Commit Message

Cole Robinson Oct. 8, 2019, 4:22 p.m.
This mirrors the code layout in security_selinux.c. It will also make
it easier to share the checks for qcow2 external data_file support
eventually

Signed-off-by: Cole Robinson <crobinso@redhat.com>

---
 src/security/virt-aa-helper.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

-- 
2.23.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Patch

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 9f39eb2e2b..20281c38b7 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -917,6 +917,10 @@  add_file_path(virStorageSourcePtr src,
 {
     int ret;
 
+    /* execute the callback only for local storage */
+    if (!src->path || !virStorageSourceIsLocalStorage(src))
+        return 0;
+
     if (depth == 0) {
         if (src->readonly)
             ret = vah_add_file(buf, src->path, "rk");
@@ -941,12 +945,8 @@  disk_add_files(virDomainDiskDefPtr disk,
     virStorageSourcePtr tmp;
 
     for (tmp = disk->src; virStorageSourceIsBacking(tmp); tmp = tmp->backingStore) {
-        /* execute the callback only for local storage */
-        if (virStorageSourceIsLocalStorage(tmp) &&
-            tmp->path) {
-            if (add_file_path(tmp, depth, buf) < 0)
-                return -1;
-        }
+        if (add_file_path(tmp, depth, buf) < 0)
+            return -1;
 
         depth++;
     }