From: Jamie Strandboge <jamie@ubuntu.com>
Date: Tue, 6 Apr 2010 14:17:08 +0000 (+0200)
Subject: virt-aa-helper should not fail if profile was removed
X-Git-Tag: v0.8.0~51
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ba32e11d4158a6a58c5ad5dafcaaeeab13c0c8fb;p=thirdparty%2Flibvirt.git

virt-aa-helper should not fail if profile was removed

Don't exit with error if the user unloaded the profile outside of
 libvirt
* src/security/virt-aa-helper.c: check the exit error from apparmor_parser
  before exiting with a failure
---

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 78bef41ae8..ec63157907 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -182,6 +182,8 @@ parserCommand(const char *profile_name, const char cmd)
 {
     char flag[3];
     char profile[PATH_MAX];
+    int status;
+    int ret;
 
     if (strchr("arR", cmd) == NULL) {
         vah_error(NULL, 0, "invalid flag");
@@ -203,9 +205,17 @@ parserCommand(const char *profile_name, const char cmd)
         const char * const argv[] = {
             "/sbin/apparmor_parser", flag, profile, NULL
         };
-        if (virRun(argv, NULL) != 0) {
-            vah_error(NULL, 0, "failed to run apparmor_parser");
-            return -1;
+        if ((ret = virRun(argv, &status)) != 0 ||
+            (WIFEXITED(status) && WEXITSTATUS(status) != 0)) {
+            if (ret != 0) {
+                vah_error(NULL, 0, "failed to run apparmor_parser");
+                return -1;
+            } else if (cmd == 'R' && WIFEXITED(status) && WEXITSTATUS(status) == 234) {
+                vah_warning("unable to unload already unloaded profile (non-fatal)");
+            } else {
+                vah_error(NULL, 0, "apparmor_parser exited with error");
+                return -1;
+            }
         }
     }