Improve virt-aa-helper to handle SDL graphics and cleanups

* src/security/virt-aa-helper.c: add support for SDL devices and 3 code cleanups

Improve virt-aa-helper to handle SDL graphics and cleanups
* src/security/virt-aa-helper.c: add support for SDL devices and 3 code cleanups
1a253b38 · Jamie Strandboge · Daniel Veillard · 1efb6236 · 1a253b38
隐藏空白更改
内联并排

Showing with 9 addition and 3 deletion

src/security/virt-aa-helper.c src/security/virt-aa-helper.c +9 -3

未找到文件。
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -775,7 +775,7 @@ vah_add_file(virBufferPtr buf, const char *path, const char *perms)

    virBufferVSprintf(buf, "  \"%s\" %s,\n", tmp, perms);
    if (readonly) {
-        virBufferVSprintf(buf, "  # don't audit writes to readonly media\n");
+        virBufferVSprintf(buf, "  # don't audit writes to readonly files\n");
        virBufferVSprintf(buf, "  deny \"%s\" w,\n", tmp);
    }

@@ -872,11 +872,11 @@ get_files(vahControl * ctl)
        if (vah_add_file(&buf, ctl->def->console->data.file.path, "w") != 0)
            goto clean;

-    if (ctl->def->os.kernel && ctl->def->os.kernel)
+    if (ctl->def->os.kernel)
        if (vah_add_file(&buf, ctl->def->os.kernel, "r") != 0)
            goto clean;

-    if (ctl->def->os.initrd && ctl->def->os.initrd)
+    if (ctl->def->os.initrd)
        if (vah_add_file(&buf, ctl->def->os.initrd, "r") != 0)
            goto clean;

@@ -884,6 +884,12 @@ get_files(vahControl * ctl)
        if (vah_add_file(&buf, ctl->def->os.loader, "r") != 0)
            goto clean;

+    if (ctl->def->ngraphics == 1 &&
+        ctl->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL)
+        if (vah_add_file(&buf, ctl->def->graphics[0]->data.sdl.xauth,
+                         "r") != 0)
+            goto clean;
+
    for (i = 0; i < ctl->def->nhostdevs; i++)
        if (ctl->def->hostdevs[i]) {
            virDomainHostdevDefPtr dev = ctl->def->hostdevs[i];