Re: [libvirt] [PATCH] fix parsing security labels from virt-aa-helper

2016-11-21 Thread Christian Ehrhardt
On Mon, Nov 21, 2016 at 9:03 AM, Guido Günther wrote: > This should be shortened and clarified (see the other part of the > thread). IMHO the root cause is that we parse the active domain XML but > the live part of the seclabel is not filled in yet. > Ok, reasonable to keep

Re: [libvirt] [PATCH] fix parsing security labels from virt-aa-helper

2016-11-21 Thread Guido Günther
Hi Christian, On Mon, Oct 31, 2016 at 11:32:44AM +0100, Christian Ehrhardt wrote: > When parsing labels virt-aa-helper does no more pass > VIR_DOMAIN_DEF_PARSE_INACTIVE due to dfbc9a83 that tried to mitigate the > changes of a89f05ba. For those it had to switch from >

Re: [libvirt] [PATCH] fix parsing security labels from virt-aa-helper

2016-11-10 Thread Christian Ehrhardt
Sorry, I seem to become a pest more than I'd like to, but my timer on this thread expired again :-) Was the feedback I gave to the questions last week ok to understand the case and maybe reproduce to achieve a ack or do we need to discuss more? ​ -- libvir-list mailing list libvir-list@redhat.com

Re: [libvirt] [PATCH] fix parsing security labels from virt-aa-helper

2016-11-04 Thread Christian Ehrhardt
On Thu, Nov 3, 2016 at 6:15 PM, Guido Günther wrote: Thanks for your feedback Guido! On Mon, Oct 31, 2016 at 11:32:44AM +0100, Christian Ehrhardt wrote: > > When parsing labels virt-aa-helper does no more pass > > VIR_DOMAIN_DEF_PARSE_INACTIVE due to dfbc9a83 that tried to

Re: [libvirt] [PATCH] fix parsing security labels from virt-aa-helper

2016-11-03 Thread Guido Günther
Hi,x On Mon, Oct 31, 2016 at 11:32:44AM +0100, Christian Ehrhardt wrote: > When parsing labels virt-aa-helper does no more pass > VIR_DOMAIN_DEF_PARSE_INACTIVE due to dfbc9a83 that tried to mitigate the > changes of a89f05ba. For those it had to switch from I wouldn't call it mitigate. It was

Re: [libvirt] [PATCH] fix parsing security labels from virt-aa-helper

2016-11-03 Thread Christian Ehrhardt
Sorry to bother, but "ping" for the list and adding some more people to CC - for review or comments on this. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] fix parsing security labels from virt-aa-helper

2016-10-31 Thread Christian Ehrhardt
On Mon, Oct 31, 2016 at 11:32 AM, Christian Ehrhardt < christian.ehrha...@canonical.com> wrote: > But that turned out to break non apparmor seclabels as well as apparmor > seclabels in xmls without labels. > FYI - For a bit extra info on the case, debugging it and in general more background that

[libvirt] [PATCH] fix parsing security labels from virt-aa-helper

2016-10-31 Thread Christian Ehrhardt
When parsing labels virt-aa-helper does no more pass VIR_DOMAIN_DEF_PARSE_INACTIVE due to dfbc9a83 that tried to mitigate the changes of a89f05ba. For those it had to switch from VIR_DOMAIN_DEF_PARSE_INACTIVE to active since we need the domain id (ctl->def->id) as it is part of the socket path now