apparmor: use AppArmorSetFDLabel for both imageFD and tapFD

Rename AppArmorSetImageFDLabel to AppArmorSetFDLabel which could be used as a common function for *ALL* fd relabelling in Linux. In apparmor profile for specific vm with uuid cdbebdfa-1d6d-65c3-be0f-fd74b978a773 Path: /etc/apparmor.d/libvirt/libvirt-cdbebdfa-1d6d-65c3-be0f-fd74b978a773.files The last line is for the tapfd relabelling. # DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT. "/var/log/libvirt/**/rhel6qcow2.log" w, "/var/lib/libvirt/**/rhel6qcow2.monitor" rw, "/var/run/libvirt/**/rhel6qcow2.pid" rwk, "/run/libvirt/**/rhel6qcow2.pid" rwk, "/var/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw, "/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw, "/var/lib/libvirt/images/rhel6u3qcow2.img" rw, "/dev/tap45" rw,

apparmor: use AppArmorSetFDLabel for both imageFD and tapFD
Rename AppArmorSetImageFDLabel to AppArmorSetFDLabel which could be used as a common function for *ALL* fd relabelling in Linux. In apparmor profile for specific vm with uuid cdbebdfa-1d6d-65c3-be0f-fd74b978a773 Path: /etc/apparmor.d/libvirt/libvirt-cdbebdfa-1d6d-65c3-be0f-fd74b978a773.files The last line is for the tapfd relabelling. # DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT. "/var/log/libvirt/**/rhel6qcow2.log" w, "/var/lib/libvirt/**/rhel6qcow2.monitor" rw, "/var/run/libvirt/**/rhel6qcow2.pid" rwk, "/run/libvirt/**/rhel6qcow2.pid" rwk, "/var/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw, "/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw, "/var/lib/libvirt/images/rhel6u3qcow2.img" rw, "/dev/tap45" rw,
ce4557c3 · Guannan Ren · ab1ef3bc · ce4557c3
隐藏空白更改
内联并排

Showing with 5 addition and 15 deletion

src/security/security_apparmor.c src/security/security_apparmor.c +5 -15

未找到文件。
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -884,9 +884,9 @@ AppArmorRestoreSavedStateLabel(virSecurityManagerPtr mgr,
 }
 static int
-AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,
+AppArmorSetFDLabel(virSecurityManagerPtr mgr,
-                        virDomainDefPtr def,
+                   virDomainDefPtr def,
-                        int fd)
+                   int fd)
 {
    int rc = -1;
    char *proc = NULL;
@@ -915,16 +915,6 @@ AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,
    return reload_profile(mgr, def, fd_path, true);
 }
-/* TODO need code here */
-static int
-AppArmorSetTapFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                      virDomainDefPtr def ATTRIBUTE_UNUSED,
-                      int fd ATTRIBUTE_UNUSED)
-{
-    return 0;
-}
 static char *
 AppArmorGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                        virDomainDefPtr vm ATTRIBUTE_UNUSED)
@@ -975,8 +965,8 @@ virSecurityDriver virAppArmorSecurityDriver = {
    .domainSetSavedStateLabel           = AppArmorSetSavedStateLabel,
    .domainRestoreSavedStateLabel       = AppArmorRestoreSavedStateLabel,
-    .domainSetSecurityImageFDLabel      = AppArmorSetImageFDLabel,
+    .domainSetSecurityImageFDLabel      = AppArmorSetFDLabel,
-    .domainSetSecurityTapFDLabel        = AppArmorSetTapFDLabel,
+    .domainSetSecurityTapFDLabel        = AppArmorSetFDLabel,
    .domainGetSecurityMountOptions      = AppArmorGetMountOptions,
 };