diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 72a4d078e4c8242fc363c4c91009b271a37d8f46..d52945a1b894444550ea30a4ec424ca410427e67 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -862,15 +862,44 @@ get_files(vahControl * ctl)
}
for (i = 0; i < ctl->def->nserials; i++)
- if (ctl->def->serials[i] && ctl->def->serials[i]->data.file.path)
+ if (ctl->def->serials[i] &&
+ (ctl->def->serials[i]->type == VIR_DOMAIN_CHR_TYPE_PTY ||
+ ctl->def->serials[i]->type == VIR_DOMAIN_CHR_TYPE_DEV ||
+ ctl->def->serials[i]->type == VIR_DOMAIN_CHR_TYPE_FILE ||
+ ctl->def->serials[i]->type == VIR_DOMAIN_CHR_TYPE_PIPE) &&
+ ctl->def->serials[i]->data.file.path)
if (vah_add_file(&buf,
- ctl->def->serials[i]->data.file.path, "w") != 0)
+ ctl->def->serials[i]->data.file.path, "rw") != 0)
goto clean;
if (ctl->def->console && ctl->def->console->data.file.path)
- if (vah_add_file(&buf, ctl->def->console->data.file.path, "w") != 0)
+ if (vah_add_file(&buf, ctl->def->console->data.file.path, "rw") != 0)
goto clean;
+ for (i = 0 ; i < ctl->def->nparallels; i++)
+ if (ctl->def->parallels[i] &&
+ (ctl->def->parallels[i]->type == VIR_DOMAIN_CHR_TYPE_PTY ||
+ ctl->def->parallels[i]->type == VIR_DOMAIN_CHR_TYPE_DEV ||
+ ctl->def->parallels[i]->type == VIR_DOMAIN_CHR_TYPE_FILE ||
+ ctl->def->parallels[i]->type == VIR_DOMAIN_CHR_TYPE_PIPE) &&
+ ctl->def->parallels[i]->data.file.path)
+ if (vah_add_file(&buf,
+ ctl->def->parallels[i]->data.file.path,
+ "rw") != 0)
+ goto clean;
+
+ for (i = 0 ; i < ctl->def->nchannels; i++)
+ if (ctl->def->channels[i] &&
+ (ctl->def->channels[i]->type == VIR_DOMAIN_CHR_TYPE_PTY ||
+ ctl->def->channels[i]->type == VIR_DOMAIN_CHR_TYPE_DEV ||
+ ctl->def->channels[i]->type == VIR_DOMAIN_CHR_TYPE_FILE ||
+ ctl->def->channels[i]->type == VIR_DOMAIN_CHR_TYPE_PIPE) &&
+ ctl->def->channels[i]->data.file.path)
+ if (vah_add_file(&buf,
+ ctl->def->channels[i]->data.file.path,
+ "rw") != 0)
+ goto clean;
+
if (ctl->def->os.kernel)
if (vah_add_file(&buf, ctl->def->os.kernel, "r") != 0)
goto clean;
diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test
index dc3d4fc8b17c44b8a0346cad076de9cbc98ab57b..9b51d75f154c0a15d665dd367099921b08681094 100755
--- a/tests/virt-aa-helper-test
+++ b/tests/virt-aa-helper-test
@@ -246,6 +246,9 @@ testme "0" "serial" "-r -u $valid_uuid" "$test_xml"
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,,,g" > "$test_xml"
testme "0" "serial (pty)" "-r -u $valid_uuid" "$test_xml"
+cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,,,g" > "$test_xml"
+testme "0" "serial (dev)" "-r -u $valid_uuid" "$test_xml"
+
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,,,g" > "$test_xml"
touch "$tmpdir/console.log"
testme "0" "console" "-r -u $valid_uuid" "$test_xml"
@@ -253,6 +256,16 @@ testme "0" "console" "-r -u $valid_uuid" "$test_xml"
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,,,g" > "$test_xml"
testme "0" "console (pty)" "-r -u $valid_uuid" "$test_xml"
+cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,,,g" > "$test_xml"
+testme "0" "parallel (pty)" "-r -u $valid_uuid" "$test_xml"
+
+cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,,,g" > "$test_xml"
+touch "$tmpdir/guestfwd"
+testme "0" "channel (unix)" "-r -u $valid_uuid" "$test_xml"
+
+cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,,,g" > "$test_xml"
+testme "0" "channel (pty)" "-r -u $valid_uuid" "$test_xml"
+
cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,,$tmpdir/kernel,g" > "$test_xml"
touch "$tmpdir/kernel"
testme "0" "kernel" "-r -u $valid_uuid" "$test_xml"