[libvirt] [PATCH] virt-aa-helper: add NVRAM store file for read/write
Some UEFI firmwares may want to use a non-volatile memory to store some variables. If AppArmor is enabled, and NVRAM store file is set currently virt-aa-helper does not add the NVRAM store file to the template. Add this file for read/write when this functionality is defined in domain XML. Signed-off-by: Peter Kieser pe...@kieser.ca --- src/security/virt-aa-helper.c | 4 1 file changed, 4 insertions(+) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 4ce1e7a..2f93172 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1047,6 +1047,10 @@ get_files(vahControl * ctl) if (vah_add_file(buf, ctl-def-os.loader-path, r) != 0) goto cleanup; +if (ctl-def-os.loader ctl-def-os.loader-nvram) +if (vah_add_file(buf, ctl-def-os.loader-nvram, rw) != 0) +goto cleanup; + for (i = 0; i ctl-def-ngraphics; i++) { if (ctl-def-graphics[i]-type == VIR_DOMAIN_GRAPHICS_TYPE_VNC ctl-def-graphics[i]-data.vnc.socket smime.p7s Description: S/MIME Cryptographic Signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
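Review bot: in the get_files() hunk, the added outer `if` on the loader and its nvram field has a body that is itself an `if` plus `goto cleanup` spread over two lines, with no braces; put braces around the outer body, or fold the two tests into one condition, so a later edit cannot detach the `goto cleanup` from the vah_add_file() check. It would also help to add a short comment at this spot noting that the NVRAM store is the one loader-related path granted rw, while the loader path in the context line above stays r, since that is the access this change widens in the generated AppArmor profile.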
Re: [libvirt] Entering freeze for libvirt-1.2.17
On 2015-06-30 2:49 AM, Daniel Veillard wrote:
> On Tue, Jun 30, 2015 at 11:00:24AM +0200, Guido Günther wrote:
>> On Tue, Jun 30, 2015 at 03:00:09PM +0800, Daniel Veillard wrote:
>>> On Mon, Jun 29, 2015 at 10:34:55PM +0200, Guido Günther wrote:
>>>> On Sun, Jun 28, 2015 at 01:00:01PM +0800, Daniel Veillard wrote:
>>>>> Following discussions on Friday, I applied the patches to deactivate the subset of Admin APIs and revert from 1.3.0 to 1.2.17. I then tagged in git and pushed signed tarballs and rpms to the usual place: ftp://libvirt.org/pub/libvirt/
>>>>>
>>>>> I didn't run my usual tests on that one, my infra is in flux, so even more reasons for people to give it a try :-)
>>>>>
>>>>> I'm likely to make a candidate release 2 on Tuesday and if all goes well we can push 1.2.17 on Thursday,
>>>>
>>>> Building the tarball fails for me with:
>>>>
>>>> make[4]: Entering directory '/tmp/buildd/libvirt-1.2.17~rc1/debian/build/docs'
>>>> missing XHTML1 DTD
>>>> cat: internals/locking.html.tmp: No such file or directory
>>>> Makefile:2385: recipe for target 'internals/locking.html' failed
>>>> make[4]: *** [internals/locking.html] Error 1
>>>
>>> The missing XHTML1 DTD just means you can't validate the locking.html.tmp against a local copy of the DTD for XHTML1, but then it seems that the locking.html.tmp wasn't generated. It should be generated via xsltproc, it seems it's missing in your build environment, make sure you have it.
>>>
>>> Make sure you have xmllint, xsltproc and xhtml1-dtds in your build system,
>>
>> I should have added that I tried this with and without xsltproc + xmllint. I now also added the DTDs but no change (the build env didn't change since the last release).
>
> humpf ... locking.html.in wasn't touched since Feb, that need more attention and building from the tarballs worked here, strange
>
> Daniel

http://libvirt.org/git/?p=libvirt.git;a=commit;h=1310b1358cdf9c8acba6e0e85feb869241e59faa

I had to revert this commit to get 1.2.17 to build under debian packaging chroot.

-Peter
Re: [libvirt] Entering freeze for libvirt-1.2.17
On 2015-07-09 2:00 PM, Peter Kieser wrote:
> On 2015-06-30 2:49 AM, Daniel Veillard wrote:
>> On Tue, Jun 30, 2015 at 11:00:24AM +0200, Guido Günther wrote:
>>> On Tue, Jun 30, 2015 at 03:00:09PM +0800, Daniel Veillard wrote:
>>>> On Mon, Jun 29, 2015 at 10:34:55PM +0200, Guido Günther wrote:
>>>>> On Sun, Jun 28, 2015 at 01:00:01PM +0800, Daniel Veillard wrote:
>>>>>> Following discussions on Friday, I applied the patches to deactivate the subset of Admin APIs and revert from 1.3.0 to 1.2.17. I then tagged in git and pushed signed tarballs and rpms to the usual place: ftp://libvirt.org/pub/libvirt/
>>>>>>
>>>>>> I didn't run my usual tests on that one, my infra is in flux, so even more reasons for people to give it a try :-)
>>>>>>
>>>>>> I'm likely to make a candidate release 2 on Tuesday and if all goes well we can push 1.2.17 on Thursday,
>>>>>
>>>>> Building the tarball fails for me with:
>>>>>
>>>>> make[4]: Entering directory '/tmp/buildd/libvirt-1.2.17~rc1/debian/build/docs'
>>>>> missing XHTML1 DTD
>>>>> cat: internals/locking.html.tmp: No such file or directory
>>>>> Makefile:2385: recipe for target 'internals/locking.html' failed
>>>>> make[4]: *** [internals/locking.html] Error 1
>>>>
>>>> The missing XHTML1 DTD just means you can't validate the locking.html.tmp against a local copy of the DTD for XHTML1, but then it seems that the locking.html.tmp wasn't generated. It should be generated via xsltproc, it seems it's missing in your build environment, make sure you have it.
>>>>
>>>> Make sure you have xmllint, xsltproc and xhtml1-dtds in your build system,
>>>
>>> I should have added that I tried this with and without xsltproc + xmllint. I now also added the DTDs but no change (the build env didn't change since the last release).
>>
>> humpf ... locking.html.in wasn't touched since Feb, that need more attention and building from the tarballs worked here, strange
>>
>> Daniel
>
> http://libvirt.org/git/?p=libvirt.git;a=commit;h=1310b1358cdf9c8acba6e0e85feb869241e59faa
>
> I had to revert this commit to get 1.2.17 to build under debian packaging chroot.
>
> -Peter

As well as: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=c0b7d3126be18bea0ce5dcead7bab925bc17cfc5

-Peter