The following pull request was submitted through GitHub.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/7882

This e-mail was sent by the LXC bot; direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
During development I noticed that a long-running lxd process would fail to start a VM after the underlying lxd binary had changed, with the error:

```
lxc start v1
Error: Failed to run: apparmor_parser -rWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-v1: AppArmor parser error for /var/lib/lxd/security/apparmor/profiles/lxd-v1 in /var/lib/lxd/security/apparmor/profiles/lxd-v1 at line 41: syntax error, unexpected TOK_OPENPAREN, expecting TOK_MODE
```

I found this was due to the aa profile exec path variable containing " (deleted)" at the end.

Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>
From 77af9a5267a00b958fbfd62a8d0a9f00ba1c5087 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parr...@canonical.com>
Date: Thu, 17 Sep 2020 11:55:56 +0100
Subject: [PATCH] lxd/apparmor/instance: Fix invalid aa profile generation when
 lxd binary has changed/gone

Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>
---
 lxd/apparmor/instance.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lxd/apparmor/instance.go b/lxd/apparmor/instance.go
index 77d266befd..45da348b5b 100644
--- a/lxd/apparmor/instance.go
+++ b/lxd/apparmor/instance.go
@@ -175,9 +175,13 @@ func instanceProfile(state *state.State, inst instance) 
(string, error) {
                        }
                }
 
+               // The value from GetExecPath can include " (deleted)" if the 
lxd binary has been removed/changed
+               // since the lxd process was started, which can cause the 
appamor profile load to fail.
+               execPathCleaned := 
strings.TrimSpace(strings.Replace(util.GetExecPath(), "(deleted)", "", 1))
+
                err = qemuProfileTpl.Execute(sb, map[string]interface{}{
                        "devPaths":    inst.DevPaths(),
-                       "exePath":     util.GetExecPath(),
+                       "exePath":     execPathCleaned,
                        "libraryPath": 
strings.Split(os.Getenv("LD_LIBRARY_PATH"), ":"),
                        "logPath":     inst.LogPath(),
                        "name":        InstanceProfileName(inst),
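
Review bot: The `strings.Replace(util.GetExecPath(), "(deleted)", "", 1)` call on the new `execPathCleaned` line removes the first "(deleted)" found anywhere in the path, not only the trailing marker the comment describes, so a binary installed under a directory whose name contains "(deleted)" would end up with a wrong `exePath` in the generated profile. `strings.TrimSuffix(util.GetExecPath(), " (deleted)")` matches only the suffix and makes the `TrimSpace` call unnecessary. The comment misspells "apparmor" as "appamor". Because the cleaned value is written into the AppArmor profile as `exePath`, the comment should also say that once the binary has been removed or changed the rule refers to whatever file now sits at that path, not the image the running lxd process was started from.
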
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel