security: apparmor: prep for qcow2 data_file

[libvirt] [PATCH 0/7] security: apparmor: prep for qcow2 data_file

Posted by Cole Robinson 4 years, 6 months ago

This series does some preparation cleanup and refactoring to
simplify adding qcow2 data_file support to the apparmor driver.
More info on the qcow2 feature and libvirt work here:
https://www.redhat.com/archives/libvir-list/2019-October/msg00303.html

Cole Robinson (7):
  conf: Move -virDomainDiskDefForeachPath to virt-aa-helper
  security: apparmor: Remove unused ignoreOpenFailure
  security: apparmor: Drop disk_foreach_iterator
  security: apparmor: Pass virStorageSource to add_file_path
  security: apparmor: Push virStorageSource checks to add_file_path
  security: apparmor: Use only virStorageSource for disk paths
  security: apparmor: Make storage_source_add_files recursively callable

 src/conf/domain_conf.c        | 42 ----------------------------------
 src/conf/domain_conf.h        | 10 --------
 src/libvirt_private.syms      |  1 -
 src/security/virt-aa-helper.c | 43 ++++++++++++++++++++++++-----------
 4 files changed, 30 insertions(+), 66 deletions(-)

-- 
2.23.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 0/7] security: apparmor: prep for qcow2 data_file

Posted by Cole Robinson 4 years, 6 months ago

On 10/8/19 12:22 PM, Cole Robinson wrote:
> This series does some preparation cleanup and refactoring to
> simplify adding qcow2 data_file support to the apparmor driver.
> More info on the qcow2 feature and libvirt work here:
> https://www.redhat.com/archives/libvir-list/2019-October/msg00303.html
> 

Should have mentioned here: I found apparmor libs/devel packages for 
fedora, so this is compile tested but not runtime tested. Help with that 
appreciated.

virt-aa-helper-test doesn't seem to regress, but it is failing for me on 
master before these patches:

./virt-aa-helper-test
ls: cannot access '/boot/initrd*': No such file or directory
Skipping /boot/initrd* tests. Could not find /boot/initrd*
FAIL: exited with '1'
   OVMF (new path):  '--dryrun -r -u 
libvirt-00000000-0000-0000-0000-0123456789ab':
FAIL: exited with '1'
   AAVMF:  '--dryrun -r -u libvirt-00000000-0000-0000-0000-0123456789ab':
FAIL: exited with '1'
   AAVMF32:  '--dryrun -r -u libvirt-00000000-0000-0000-0000-0123456789ab':

- Cole

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 0/7] security: apparmor: prep for qcow2 data_file

Posted by Michal Privoznik 4 years, 6 months ago

On 10/8/19 6:22 PM, Cole Robinson wrote:
> This series does some preparation cleanup and refactoring to
> simplify adding qcow2 data_file support to the apparmor driver.
> More info on the qcow2 feature and libvirt work here:
> https://www.redhat.com/archives/libvir-list/2019-October/msg00303.html
> 
> Cole Robinson (7):
>    conf: Move -virDomainDiskDefForeachPath to virt-aa-helper
>    security: apparmor: Remove unused ignoreOpenFailure
>    security: apparmor: Drop disk_foreach_iterator
>    security: apparmor: Pass virStorageSource to add_file_path
>    security: apparmor: Push virStorageSource checks to add_file_path
>    security: apparmor: Use only virStorageSource for disk paths
>    security: apparmor: Make storage_source_add_files recursively callable
> 
>   src/conf/domain_conf.c        | 42 ----------------------------------
>   src/conf/domain_conf.h        | 10 --------
>   src/libvirt_private.syms      |  1 -
>   src/security/virt-aa-helper.c | 43 ++++++++++++++++++++++++-----------
>   4 files changed, 30 insertions(+), 66 deletions(-)
> 

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

Michal

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list