Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openeuler
libvirt
提交
aaf20355
L
libvirt
项目概览
openeuler
/
libvirt
通知
3
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
L
libvirt
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
aaf20355
编写于
5月 06, 2011
作者:
C
Cole Robinson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
apparmor: Convert virExec usage to virCommand
Untested
上级
8d0188fb
变更
1
隐藏空白更改
内联
并排
Showing
1 changed file
with
13 addition
and
57 deletion
+13
-57
src/security/security_apparmor.c
src/security/security_apparmor.c
+13
-57
未找到文件。
src/security/security_apparmor.c
浏览文件 @
aaf20355
...
...
@@ -166,16 +166,10 @@ load_profile(virSecurityManagerPtr mgr,
int
rc
=
-
1
,
status
,
ret
;
bool
create
=
true
;
char
*
xml
=
NULL
;
int
pipefd
[
2
];
pid_t
child
;
virCommandPtr
cmd
;
const
char
*
probe
=
virSecurityManagerGetAllowDiskFormatProbing
(
mgr
)
?
"1"
:
"0"
;
if
(
pipe
(
pipefd
)
<
-
1
)
{
virReportSystemError
(
errno
,
"%s"
,
_
(
"unable to create pipe"
));
return
rc
;
}
xml
=
virDomainDefFormat
(
vm
->
def
,
VIR_DOMAIN_XML_SECURE
);
if
(
!
xml
)
goto
clean
;
...
...
@@ -183,57 +177,19 @@ load_profile(virSecurityManagerPtr mgr,
if
(
profile_status_file
(
profile
)
>=
0
)
create
=
false
;
if
(
create
)
{
const
char
*
const
argv
[]
=
{
VIRT_AA_HELPER
,
"-p"
,
probe
,
"-c"
,
"-u"
,
profile
,
NULL
};
ret
=
virExec
(
argv
,
NULL
,
NULL
,
&
child
,
pipefd
[
0
],
NULL
,
NULL
,
VIR_EXEC_NONE
);
}
else
if
(
fn
&&
append
)
{
const
char
*
const
argv
[]
=
{
VIRT_AA_HELPER
,
"-p"
,
probe
,
"-r"
,
"-u"
,
profile
,
"-F"
,
fn
,
NULL
};
ret
=
virExec
(
argv
,
NULL
,
NULL
,
&
child
,
pipefd
[
0
],
NULL
,
NULL
,
VIR_EXEC_NONE
);
}
else
if
(
fn
)
{
const
char
*
const
argv
[]
=
{
VIRT_AA_HELPER
,
"-p"
,
probe
,
"-r"
,
"-u"
,
profile
,
"-f"
,
fn
,
NULL
};
ret
=
virExec
(
argv
,
NULL
,
NULL
,
&
child
,
pipefd
[
0
],
NULL
,
NULL
,
VIR_EXEC_NONE
);
}
else
{
const
char
*
const
argv
[]
=
{
VIRT_AA_HELPER
,
"-p"
,
probe
,
"-r"
,
"-u"
,
profile
,
NULL
};
ret
=
virExec
(
argv
,
NULL
,
NULL
,
&
child
,
pipefd
[
0
],
NULL
,
NULL
,
VIR_EXEC_NONE
);
}
if
(
ret
<
0
)
goto
clean
;
/* parent continues here */
if
(
safewrite
(
pipefd
[
1
],
xml
,
strlen
(
xml
))
<
0
)
{
virReportSystemError
(
errno
,
"%s"
,
_
(
"unable to write to pipe"
));
goto
clean
;
cmd
=
virCommandNewArgList
(
VIRT_AA_HELPER
,
"-p"
,
probe
,
create
?
"-c"
:
"-r"
,
"-u"
,
profile
,
NULL
);
if
(
!
create
&&
fn
)
{
if
(
append
)
{
virCommandAddArgList
(
cmd
,
"-F"
,
fn
,
NULL
);
}
else
{
virCommandAddArgList
(
cmd
,
"-f"
,
fn
,
NULL
);
}
}
VIR_FORCE_CLOSE
(
pipefd
[
1
]);
rc
=
0
;
while
((
ret
=
waitpid
(
child
,
&
status
,
0
))
<
0
&&
errno
==
EINTR
);
if
(
ret
<
0
)
{
virReportSystemError
(
errno
,
_
(
"Failed to reap virt-aa-helper pid %lu"
),
(
unsigned
long
)
child
);
rc
=
-
1
;
}
else
if
(
status
)
{
char
*
str
=
virCommandTranslateStatus
(
status
);
virSecurityReportError
(
VIR_ERR_INTERNAL_ERROR
,
_
(
"Unexpected status from virt-aa-helper "
"pid %lu: %s"
),
(
unsigned
long
)
child
,
NULLSTR
(
str
));
VIR_FREE
(
str
);
rc
=
-
1
;
}
virCommandSetInputBuffer
(
cmd
,
xml
);
rc
=
virCommandRun
(
cmd
,
NULL
);
clean:
VIR_FREE
(
xml
);
...
...
@@ -580,7 +536,7 @@ AppArmorRestoreSecurityAllLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
return
rc
;
}
/* Called via vir
ExecWithH
ook. Output goes to
/* Called via vir
Command h
ook. Output goes to
* LOCALSTATEDIR/log/libvirt/qemu/<vm name>.log
*/
static
int
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录