security: Mark ROMs as read only when using AppArmor
authorAndrea Bolognani <abologna@redhat.com>
Fri, 6 Feb 2026 16:00:10 +0000 (17:00 +0100)
committerAndrea Bolognani <abologna@redhat.com>
Tue, 24 Feb 2026 10:29:07 +0000 (11:29 +0100)
Before this, attempting to use a ROM that was not explicitly
marked as read only resulted in an error at startup time.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
src/security/virt-aa-helper.c

index f4ec6b7826ba532f0dbac2dcd4ed89f7f98e6be6..3ac4740fb5c6faf143d704a77e30ca02cfa7d75c 100644 (file)
@@ -1021,7 +1021,15 @@ get_files(vahControl * ctl)
 
     if (ctl->def->os.loader && ctl->def->os.loader->path) {
         bool readonly = false;
+
+        /* Look at the readonly attribute, but also keep in mind that ROMs
+         * are always loaded read-only regardless of whether the attribute
+         * is present. Validation ensures that nonsensical configurations
+         * (type=rom readonly=no) are rejected long before we get here */
         virTristateBoolToBool(ctl->def->os.loader->readonly, &readonly);
+        if (ctl->def->os.loader->type == VIR_DOMAIN_LOADER_TYPE_ROM)
+            readonly = true;
+
         if (vah_add_file(&buf,
                          ctl->def->os.loader->path,
                          readonly ? "rk" : "rwk") != 0) {
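Review bot: The added comment above `virTristateBoolToBool()` does not state the property that matters for the generated profile: the ROM override can only narrow the permission string passed to `vah_add_file()` from `rwk` to `rk`, never widen it. Saying so would let a reader confirm the change is safe without relying on the claim that validation rejects type=rom readonly=no, which cannot be checked from this hunk; for example, end the comment with `Forcing readonly here only ever drops write access from the generated rule.` A test case for a type=rom loader with no readonly attribute would pin the `rk` result, and none is visible on this page. get_files() starts and ends outside the hunk.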