git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Peter Krempa <pkrempa@redhat.com>
	Thu, 12 Oct 2023 14:03:41 +0000 (16:03 +0200)
committer	Peter Krempa <pkrempa@redhat.com>
	Tue, 17 Oct 2023 12:16:15 +0000 (14:16 +0200)
commit	be96fd77a9f811a6e5395155dc6d29669c43b552
tree	4b444fadca66f49707e94e443eeed9e6abf960ce	tree
parent	433f0d2b9a8b3ce19cc57a5db49e62924b65fed8	commit \| diff

security: apparmor: Use translated disk definitions for disk type=volume

The 'virt-aa-helper' process gets a XML of the VM it needs to create a
profile for. For a disk type='volume' this XML contained only the
pool and volume name.

The 'virt-aa-helper' needs a local path though for anything it needs to
label. This means that we'd either need to invoke connection to the
storage driver and re-resolve the volume. Alternative which makes more
sense is to pass the proper data in the XML already passed to it via the
new XML formatter and parser flags.

This was indirectly reported upstream in
https://gitlab.com/libvirt/libvirt/-/issues/546

The configuration in the issue above was created by Cockpit on Debian.
Since Cockpit is getting more popular it's more likely that users will
be impacted by this problem.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

src/security/security_apparmor.c		diff \| blob \| blame \| history
src/security/virt-aa-helper.c		diff \| blob \| blame \| history