From: Christian Schoenebeck
Date: Thu, 22 Oct 2020 16:58:00 +0200
Subject: [PATCH 1/1] virt-aa-helper: allow hard links for mounts
To: libvir-list@redhat.com
Cc: Guido Günther, Serge Hallyn, Greg Kurz, "Dr. David Alan Gilbert", Cédric Bosdonnat, Stefan Hajnoczi, Hiroshi Miura, Felix Geyer

Guests should be allowed to create hard links on mounted paths, since many applications rely on this functionality and would error on guest with current "rw" AppArmor permission with 9pfs.

Signed-off-by: Christian Schoenebeck
Reviewed-by: Michal Privoznik
--- src/security/virt-aa-helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 12429278fb..5a6f4a5f7d 100644 --- a/src/security/virt-aa-helper.c 
+++ b/src/security/virt-aa-helper.c @@ -1142,7 +1142,7 @@ get_files(vahControl * ctl) /* We don't need to add deny rw rules for readonly mounts, * this can only lead to troubles when mounting / readonly. */ - if (vah_add_path(&buf, fs->src->path, fs->readonly ? "R" : "rw= ", true) !=3D 0) + if (vah_add_path(&buf, fs->src->path, fs->readonly ? "R" : "rw= l", true) !=3D 0) goto cleanup; } } --=20 2.20.1
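
Review bot: In get_files(), the changed vah_add_path() call now passes "rwl" for every mount where fs->readonly is false, but the comment directly above it still explains only the readonly case, and nothing in the hunk limits the new link permission to 9pfs, which is the only case the commit message motivates. Suggest extending that comment to say why 'l' is granted on writable mounts (guest applications creating hard links under fs->src->path) and, if other filesystem drivers also reach this call, saying in the commit message that they receive link permission too. The readonly branch keeps "R", so read-only mounts are unchanged by this patch.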