Don't enable the AppArmour security driver with LXC

The AppArmour driver does not currently have support for LXC so ensure that when probing, it claims to be disabled Signed-off-by: N Daniel P. Berrange <berrange@redhat.com>

Don't enable the AppArmour security driver with LXC
The AppArmour driver does not currently have support for LXC so ensure that when probing, it claims to be disabled Signed-off-by: N Daniel P. Berrange <berrange@redhat.com>
cf36c23b · Daniel Walsh · Daniel P. Berrange · 73580c60 · cf36c23b
隐藏空白更改
内联并排

Showing with 4 addition and 1 deletion

src/security/security_apparmor.c src/security/security_apparmor.c +4 -1

未找到文件。
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -328,7 +328,7 @@ AppArmorSetSecurityPCILabel(pciDevice *dev ATTRIBUTE_UNUSED,

 /* Called on libvirtd startup to see if AppArmor is available */
 static int
-AppArmorSecurityManagerProbe(const char *virtDriver ATTRIBUTE_UNUSED)
+AppArmorSecurityManagerProbe(const char *virtDriver)
 {
    char *template = NULL;
    int rc = SECURITY_DRIVER_DISABLE;
@@ -336,6 +336,9 @@ AppArmorSecurityManagerProbe(const char *virtDriver ATTRIBUTE_UNUSED)
    if (use_apparmor() < 0)
        return rc;

+    if (virtDriver && STREQ(virtDriver, "LXC"))
+        return rc;
+
    /* see if template file exists */
    if (virAsprintf(&template, "%s/TEMPLATE",
                               APPARMOR_DIR "/libvirt") == -1) {