1. Patchew
  2. Libvirt
  3. View series

[libvirt] [PATCH] security: aa-helper: allow virt-aa-helper to read .vhd images

Christian Ehrhardt posted 1 patch 4 years, 9 months ago
Test syntax-check passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20190703104655.30929-1-christian.ehrhardt@canonical.com
src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 1 +
1 file changed, 1 insertion(+)
[libvirt] [PATCH] security: aa-helper: allow virt-aa-helper to read .vhd images
Posted by Christian Ehrhardt 4 years, 9 months ago 
VHD images can be used as any other, so we should add them to the list
of types that virt-aa-helper can read when creating the per-guest rules
for backing files.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
---
 src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
index 78994bcda6..bf6bd297d1 100644
--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
+++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
@@ -63,6 +63,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
   /**.qcow{,2} r,
   /**.qed r,
   /**.vmdk r,
+  /**.vhd r,
   /**.[iI][sS][oO] r,
   /**/disk{,.*} r,
 
-- 
2.22.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] security: aa-helper: allow virt-aa-helper to read .vhd images
Posted by Andrea Bolognani 4 years, 9 months ago 
On Wed, 2019-07-03 at 12:46 +0200, Christian Ehrhardt wrote:
> VHD images can be used as any other, so we should add them to the list
> of types that virt-aa-helper can read when creating the per-guest rules
> for backing files.
> 
> Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
> ---
>  src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
> index 78994bcda6..bf6bd297d1 100644
> --- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
> +++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
> @@ -63,6 +63,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
>    /**.qcow{,2} r,
>    /**.qed r,
>    /**.vmdk r,
> +  /**.vhd r,
>    /**.[iI][sS][oO] r,
>    /**/disk{,.*} r,

I know basically nothing about AppArmor, but given the pre-existing
contents of the file the changes seem completely reasonable, so

  Reviewed-by: Andrea Bolognani <abologna@redhat.com>

-- 
Andrea Bolognani / Red Hat / Virtualization

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] security: aa-helper: allow virt-aa-helper to read .vhd images
Posted by Jamie Strandboge 4 years, 9 months ago 
On Wed, 03 Jul 2019, Christian Ehrhardt wrote:

> VHD images can be used as any other, so we should add them to the list
> of types that virt-aa-helper can read when creating the per-guest rules
> for backing files.
> 
> Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
> ---
>  src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
> index 78994bcda6..bf6bd297d1 100644
> --- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
> +++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
> @@ -63,6 +63,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
>    /**.qcow{,2} r,
>    /**.qed r,
>    /**.vmdk r,
> +  /**.vhd r,

This looks fine. +1 to apply.

-- 
Jamie Strandboge             | http://www.canonical.com
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] security: aa-helper: allow virt-aa-helper to read .vhd images
Posted by Christian Ehrhardt 4 years, 9 months ago 
On Fri, Jul 12, 2019 at 7:02 PM Jamie Strandboge <jamie@canonical.com> wrote:
>
> On Wed, 03 Jul 2019, Christian Ehrhardt wrote:
>
> > VHD images can be used as any other, so we should add them to the list
> > of types that virt-aa-helper can read when creating the per-guest rules
> > for backing files.
> >
> > Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
> > ---
> >  src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 1 +
> >  1 file changed, 1 insertion(+)
> >
> > diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
> > index 78994bcda6..bf6bd297d1 100644
> > --- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
> > +++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
> > @@ -63,6 +63,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
> >    /**.qcow{,2} r,
> >    /**.qed r,
> >    /**.vmdk r,
> > +  /**.vhd r,
>
> This looks fine. +1 to apply.



Thank you Jamie and Andrea!
the commit is now pushed with your Review/Ack tags added.

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.