From: Peter Kieser Date: Thu, 20 Aug 2015 17:58:59 +0000 (-0700) Subject: virt-aa-helper: add NVRAM store file for read/write X-Git-Tag: v1.2.19-rc1~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=91fdcefa7f145c1c39acc8e9a44fbfbf11568e54;p=thirdparty%2Flibvirt.git virt-aa-helper: add NVRAM store file for read/write This is a cryptographically signed message in MIME format. Some UEFI firmwares may want to use a non-volatile memory to store some variables. If AppArmor is enabled, and NVRAM store file is set currently virt-aa-helper does not add the NVRAM store file to the template. Add this file for read/write when this functionality is defined in domain XML. Signed-off-by: Peter Kieser --- diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index f163fe777c..a78c4c8db6 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1057,6 +1057,10 @@ get_files(vahControl * ctl) if (vah_add_file(&buf, ctl->def->os.loader->path, "r") != 0) goto cleanup; + if (ctl->def->os.loader && ctl->def->os.loader->nvram) + if (vah_add_file(&buf, ctl->def->os.loader->nvram, "rw") != 0) + goto cleanup; + for (i = 0; i < ctl->def->ngraphics; i++) { if (ctl->def->graphics[i]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC && ctl->def->graphics[i]->data.vnc.socket &&
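Review bot: the added outer `if (ctl->def->os.loader && ctl->def->os.loader->nvram)` in get_files() has no braces, although its body is a nested `if` plus `goto cleanup;` spread over two lines. A later edit that adds a statement or an `else` here could easily bind to the wrong `if`. Either put braces around the outer body or fold the three lines into one condition, for example `if (ctl->def->os.loader && ctl->def->os.loader->nvram && vah_add_file(&buf, ctl->def->os.loader->nvram, "rw") != 0) goto cleanup;`. The visible context line just above passes `ctl->def->os.loader->path` to vah_add_file, so the loader pointer is presumably already checked in an enclosing condition that is not shown. If so, the new rule could sit inside that block and drop its own `ctl->def->os.loader` test. Because the rule grants "rw" rather than "r" on a path taken from the domain XML, a short comment saying why the NVRAM store needs write access would help whoever audits the generated profile later. The diff touches only src/security/virt-aa-helper.c, so please also add a test case for a domain that defines an NVRAM store, asserting that the "rw" rule is emitted.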