From ce4557c3ab3702639db73615dd144ddf036321ed Mon Sep 17 00:00:00 2001
From: Guannan Ren <gren@redhat.com>
Date: Fri, 8 Mar 2013 00:16:59 +0800
Subject: [PATCH] apparmor: use AppArmorSetFDLabel for both imageFD and tapFD

Rename AppArmorSetImageFDLabel to AppArmorSetFDLabel which could
be used as a common function for *ALL* fd relabelling in Linux.

In apparmor profile for specific vm with uuid cdbebdfa-1d6d-65c3-be0f-fd74b978a773
Path: /etc/apparmor.d/libvirt/libvirt-cdbebdfa-1d6d-65c3-be0f-fd74b978a773.files
The last line is for the tapfd relabelling.

 # DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
  "/var/log/libvirt/**/rhel6qcow2.log" w,
  "/var/lib/libvirt/**/rhel6qcow2.monitor" rw,
  "/var/run/libvirt/**/rhel6qcow2.pid" rwk,
  "/run/libvirt/**/rhel6qcow2.pid" rwk,
  "/var/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
  "/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
  "/var/lib/libvirt/images/rhel6u3qcow2.img" rw,
  "/dev/tap45" rw,
---
 src/security/security_apparmor.c | 20 +++++---------------
 1 file changed, 5 insertions(+), 15 deletions(-)

diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 2e6a57f77f..9dd8d74ad8 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -884,9 +884,9 @@ AppArmorRestoreSavedStateLabel(virSecurityManagerPtr mgr,
 }
 
 static int
-AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,
-                        virDomainDefPtr def,
-                        int fd)
+AppArmorSetFDLabel(virSecurityManagerPtr mgr,
+                   virDomainDefPtr def,
+                   int fd)
 {
     int rc = -1;
     char *proc = NULL;
@@ -915,16 +915,6 @@ AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,
     return reload_profile(mgr, def, fd_path, true);
 }
 
-/* TODO need code here */
-static int
-AppArmorSetTapFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                      virDomainDefPtr def ATTRIBUTE_UNUSED,
-                      int fd ATTRIBUTE_UNUSED)
-{
-    return 0;
-}
-
-
 static char *
 AppArmorGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                         virDomainDefPtr vm ATTRIBUTE_UNUSED)
@@ -975,8 +965,8 @@ virSecurityDriver virAppArmorSecurityDriver = {
     .domainSetSavedStateLabel           = AppArmorSetSavedStateLabel,
     .domainRestoreSavedStateLabel       = AppArmorRestoreSavedStateLabel,
 
-    .domainSetSecurityImageFDLabel      = AppArmorSetImageFDLabel,
-    .domainSetSecurityTapFDLabel        = AppArmorSetTapFDLabel,
+    .domainSetSecurityImageFDLabel      = AppArmorSetFDLabel,
+    .domainSetSecurityTapFDLabel        = AppArmorSetFDLabel,
 
     .domainGetSecurityMountOptions      = AppArmorGetMountOptions,
 };
-- 
GitLab