From: Jim Fehlig <jfehlig@suse.com>
Date: Fri, 3 Feb 2017 02:17:29 +0000 (-0700)
Subject: apparmor: don't overwrite error from reload_profile
X-Git-Tag: CVE-2017-2635~109
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5cdfc80ba88e8856fbebe78e850b39807ed9b811;p=thirdparty%2Flibvirt.git

apparmor: don't overwrite error from reload_profile

Like other callers of reload_profile, don't overwrite errors in
AppArmorSetSecurityHostdevLabelHelper.
---

diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 2c33abb615..ad50b08082 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -322,19 +322,7 @@ AppArmorSetSecurityHostdevLabelHelper(const char *file, void *opaque)
     struct SDPDOP *ptr = opaque;
     virDomainDefPtr def = ptr->def;
 
-    if (reload_profile(ptr->mgr, def, file, true) < 0) {
-        virSecurityLabelDefPtr secdef = virDomainDefGetSecurityLabelDef(
-                                                def, SECURITY_APPARMOR_NAME);
-        if (!secdef) {
-            virReportOOMError();
-            return -1;
-        }
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("cannot update AppArmor profile \'%s\'"),
-                       secdef->imagelabel);
-        return -1;
-    }
-    return 0;
+    return reload_profile(ptr->mgr, def, file, true);
 }
 
 static int