Re: [libvirt] [PATCH] virt-aa-helper: add NVRAM store file for read/write
On Fri, 2015-08-21 at 11:01 +0200, Guido Günther wrote:

Hi,

On Thu, Aug 20, 2015 at 10:58:59AM -0700, Peter Kieser wrote:

Some UEFI firmwares may want to use a non-volatile memory to store some variables. If AppArmor is enabled, and NVRAM store file is set currently virt-aa-helper does not add the NVRAM store file to the template. Add this file for read/write when this functionality is defined in domain XML.

I'm not an expert on apparmor things but it makes sense to me. ACK

ACK from me too. Just pushed it.

-- Cedric

Cheers, -- Guido

Signed-off-by: Peter Kieser pe...@kieser.ca

--- src/security/virt-aa-helper.c | 4 1 file changed, 4 insertions(+) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 4ce1e7a..2f93172 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1047,6 +1047,10 @@ get_files(vahControl * ctl) if (vah_add_file(buf, ctl-def-os.loader-path, r) != 0) goto cleanup; +if (ctl-def-os.loader ctl-def-os.loader-nvram) +if (vah_add_file(buf, ctl-def-os.loader-nvram, rw) != 0) +goto cleanup; + for (i = 0; i ctl-def-ngraphics; i++) { if (ctl-def-graphics[i]-type == VIR_DOMAIN_GRAPHICS_TYPE_VNC ctl-def-graphics[i]-data.vnc.socket

-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] virt-aa-helper: add NVRAM store file for read/write
Hi,

On Thu, Aug 20, 2015 at 10:58:59AM -0700, Peter Kieser wrote:

Some UEFI firmwares may want to use a non-volatile memory to store some variables. If AppArmor is enabled, and NVRAM store file is set currently virt-aa-helper does not add the NVRAM store file to the template. Add this file for read/write when this functionality is defined in domain XML.

I'm not an expert on apparmor things but it makes sense to me. ACK

Cheers, -- Guido

Signed-off-by: Peter Kieser pe...@kieser.ca

--- src/security/virt-aa-helper.c | 4 1 file changed, 4 insertions(+) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 4ce1e7a..2f93172 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1047,6 +1047,10 @@ get_files(vahControl * ctl) if (vah_add_file(buf, ctl-def-os.loader-path, r) != 0) goto cleanup; +if (ctl-def-os.loader ctl-def-os.loader-nvram) +if (vah_add_file(buf, ctl-def-os.loader-nvram, rw) != 0) +goto cleanup; + for (i = 0; i ctl-def-ngraphics; i++) { if (ctl-def-graphics[i]-type == VIR_DOMAIN_GRAPHICS_TYPE_VNC ctl-def-graphics[i]-data.vnc.socket
[libvirt] [PATCH] virt-aa-helper: add NVRAM store file for read/write
Some UEFI firmwares may want to use a non-volatile memory to store some variables. If AppArmor is enabled, and NVRAM store file is set currently virt-aa-helper does not add the NVRAM store file to the template. Add this file for read/write when this functionality is defined in domain XML.

Signed-off-by: Peter Kieser pe...@kieser.ca

--- src/security/virt-aa-helper.c | 4 1 file changed, 4 insertions(+) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 4ce1e7a..2f93172 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1047,6 +1047,10 @@ get_files(vahControl * ctl) if (vah_add_file(buf, ctl-def-os.loader-path, r) != 0) goto cleanup; +if (ctl-def-os.loader ctl-def-os.loader-nvram) +if (vah_add_file(buf, ctl-def-os.loader-nvram, rw) != 0) +goto cleanup; + for (i = 0; i ctl-def-ngraphics; i++) { if (ctl-def-graphics[i]-type == VIR_DOMAIN_GRAPHICS_TYPE_VNC ctl-def-graphics[i]-data.vnc.socket
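
Review bot: In the block added to get_files(), the outer if takes a second if as its unbraced body, so the goto cleanup hangs off two levels of unbraced conditionals. Fold the loader check, the nvram check and the vah_add_file() call into a single condition, or brace the outer if, so that a later edit cannot detach the goto from its guard. The new rule grants rw on a path taken from the domain definition, whereas the loader path just above is added with r only. That matches the commit message, but the diffstat shows only src/security/virt-aa-helper.c changed, so it would be worth adding a test that asserts the nvram path appears in the generated profile with rw when it is defined and is absent when it is not.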