From patchwork Fri Oct 11 19:14:04 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cole Robinson X-Patchwork-Id: 176026 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp1168638ill; Fri, 11 Oct 2019 12:13:44 -0700 (PDT) X-Google-Smtp-Source: APXvYqxpB1yPTpxRD2QlinybzQZZdtytAQxX4DnAkWGI1lETOGwgHHU8T4Q7aNbr6r0DDfGiAdn1 X-Received: by 2002:a6b:f111:: with SMTP id e17mr18550876iog.65.1570821224093; Fri, 11 Oct 2019 12:13:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570821224; cv=none; d=google.com; s=arc-20160816; b=rUiQaCYMZzUV2vuheYv9BCrbPXUaW06jnrMJ+1nsYOiweMUWqM2Cgq2WjFieeI7e9z 48Fq5+sYM8bMFEiotfGMfOrj10i/Qw5290IMt5m0uLrT3n0tfntw7o3CbqWnjeXRVeVK Yo6+H27Y72F6/mTu9RsWPHaEkbWq1O3cparzoWF/VMTjXcRagU9BQfbNIBdGqZntJTUC Om55W8NYUNb5puPx5GzAlXo19MkWfW865/bQ+gdEShS0RzvDGeBIMCPK0npwuJ6zsIZY DScPZPzIiM05ipl7vWu+BWPb+0qr8iFTuKP3WVZVB6n8fT1TYVBlRbRdpGTj391lVaI/ ihyg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :cc:mime-version:message-id:date:to:from:delivered-to; bh=5Liz/U+LazTmh64cZoEmeSopBB19nnTcrQkZtf2gv4c=; b=C9nELbl0CbJFtpqKeoVkaKEDYQnDdT9cZjNUKLhaMUs3JbVSlrQqiSAXwi+mMmkdEa 3HEeB4foWHkLEOlClnkztjUi3Am07TRf9avCKz4++KhMoGgiJQiyGU50rJNwtWIZO25J rnVnS2iNJOdiQbGVoYPQe7hUMLYXHmBVeUg4ybaBsb/dMVM6DAH3rCuQstTLeOwVPS31 K0XKanIJ9pmUln37hPlnxgJS4PASVYcb14rDbMo/4D08U/Mr9Yn2wwGshYpLeHTOCg8b XIwVDmI/WwlSRziedE6q4coLncCA5lSOUVj2iFnsa2AIrQ3wiiOZb2tBOxx7zCXEzZvh pPCA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28]) by mx.google.com with ESMTPS id e7si8592911ioe.12.2019.10.11.12.13.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 11 Oct 2019 12:13:44 -0700 (PDT) Received-SPF: pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; Authentication-Results: mx.google.com; spf=pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 87E90316D8D0; Fri, 11 Oct 2019 19:13:42 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E5D391001B07; Fri, 11 Oct 2019 19:13:39 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id ADC7818005A0; Fri, 11 Oct 2019 19:13:36 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x9BJDZTb029023 for ; Fri, 11 Oct 2019 15:13:35 -0400 Received: by smtp.corp.redhat.com (Postfix) id 016611001B11; Fri, 11 Oct 2019 19:13:35 +0000 (UTC) Delivered-To: libvirt-list@redhat.com Received: from worklaptop.redhat.com (ovpn-124-31.rdu2.redhat.com [10.10.124.31]) by smtp.corp.redhat.com (Postfix) with ESMTP id ED6961001B07; Fri, 11 Oct 2019 19:13:33 +0000 (UTC) From: Cole Robinson To: libvirt-list@redhat.com Date: Fri, 11 Oct 2019 15:14:04 -0400 Message-Id: <49dfeac6e8fabdd92981ef01a3fc509f504543f4.1570821213.git.crobinso@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-loop: libvir-list@redhat.com Cc: christian.ehrhardt@canonical.com Subject: [libvirt] [PATCH] security: apparmor: Label externalDataStore X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.41]); Fri, 11 Oct 2019 19:13:43 +0000 (UTC) Teach virt-aa-helper how to label a qcow2 data_file, tracked internally as externalDataStore. It should be treated the same as its sibling disk image Signed-off-by: Cole Robinson --- Compiled but not runtime tested, I don't have an apparmor setup src/security/virt-aa-helper.c | 4 ++++ 1 file changed, 4 insertions(+) -- 2.23.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 509187ac36..fe6fa12550 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -949,6 +949,10 @@ storage_source_add_files(virStorageSourcePtr src, if (add_file_path(tmp, depth, buf) < 0) return -1; + if (src->externalDataStore && + storage_source_add_files(src->externalDataStore, buf, depth) < 0) + return -1; + depth++; }