Improve virt-aa-helper to handle SDL graphics and cleanups

* src/security/virt-aa-helper.c: add support for SDL devices and 3
  code cleanups

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index dd00ed3b00866c128d7f7c8a01b7b15c4e6c5f5c..ae923e8981bce80c1186f4eb5370cadc19ae59bb 100644 (file)
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -775,7 +775,7 @@ vah_add_file(virBufferPtr buf, const char *path, const char *perms)
 
     virBufferVSprintf(buf, "  \"%s\" %s,\n", tmp, perms);
     if (readonly) {
-        virBufferVSprintf(buf, "  # don't audit writes to readonly media\n");
+        virBufferVSprintf(buf, "  # don't audit writes to readonly files\n");
         virBufferVSprintf(buf, "  deny \"%s\" w,\n", tmp);
     }
 
@@ -872,11 +872,11 @@ get_files(vahControl * ctl)
         if (vah_add_file(&buf, ctl->def->console->data.file.path, "w") != 0)
             goto clean;
 
-    if (ctl->def->os.kernel && ctl->def->os.kernel)
+    if (ctl->def->os.kernel)
         if (vah_add_file(&buf, ctl->def->os.kernel, "r") != 0)
             goto clean;
 
-    if (ctl->def->os.initrd && ctl->def->os.initrd)
+    if (ctl->def->os.initrd)
         if (vah_add_file(&buf, ctl->def->os.initrd, "r") != 0)
             goto clean;
 
@@ -884,6 +884,12 @@ get_files(vahControl * ctl)
         if (vah_add_file(&buf, ctl->def->os.loader, "r") != 0)
             goto clean;
 
+    if (ctl->def->ngraphics == 1 &&
+        ctl->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL)
+        if (vah_add_file(&buf, ctl->def->graphics[0]->data.sdl.xauth,
+                         "r") != 0)
+            goto clean;
+
     for (i = 0; i < ctl->def->nhostdevs; i++)
         if (ctl->def->hostdevs[i]) {
             virDomainHostdevDefPtr dev = ctl->def->hostdevs[i];