Hi all,

May I kindly ask someone for some advice on this topic?

Regards,
Michal

On 21 May 2015 at 20:23, Michał Dubiel <[email protected]> wrote:

> Hi guys,
>
> I have got a question. I need to add apparmor support for vhost-user
> socket files used to communicate with the vhost-user server app. Those ones
> defined with something like:
>
>     <interface type='vhostuser'>
>       <mac address='02:ed:f3:5d:de:f3'/>
>       <source type='unix' path='/var/run/vrouter/uvh_vif_tapa8396c51-2a' mode='client'/>
>       <model type='virtio'/>
>       <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
>     </interface>
>
> I added something like this into get_files() function in virt-aa-helper.c:
>
>     for (i = 0; i < ctl->def->nnets; i++) {
>         if (ctl->def->nets[i] &&
>             ctl->def->nets[i]->type == VIR_DOMAIN_NET_TYPE_VHOSTUSER &&
>             ctl->def->nets[i]->data.vhostuser) {
>             virDomainChrSourceDefPtr vhu = ctl->def->nets[i]->data.vhostuser;
>
>             if (vah_add_file_chardev(&buf, vhu->data.nix.path, "rw",
>                                      vhu->type) != 0)
>                 goto cleanup;
>         }
>     }
>
> However, there is a restriction for the socket file types in valid_path()
> function:
>
>     switch (sb.st_mode & S_IFMT) {
>         case S_IFSOCK:
>             return 1;
>             break;
>         default:
>             break;
>     }
>
> That prevents this from working.
>
> May I ask why the socket file types are restricted? Vhost-user uses
> sockets so if I want to use apparmor virt-aa-helper has to be able to add
> the line for the socket file into
> /etc/apparmor.d/libvirt/libvirt-UUID.files.
>
> Regards,
> Michal
-- libvir-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/libvir-list
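
An added illustration of the file-type check discussed in the message above; it is not part of the original thread and not libvirt code. The names `emit_rule`, `demo` and `last_rule`, the temp path, and the rule-line layout (AppArmor file-rule syntax, `"path" perms,`) are assumptions of this example. It binds a constructed AF_UNIX socket and shows that the `S_IFMT`/`S_IFSOCK` test refuses it unless sockets are explicitly allowed.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
static char last_rule[256];   /* last rule line produced by emit_rule() */

/* Hypothetical helper (not libvirt's): 0 = rule written, 1 = file type
 * restricted, -1 = error. allow_sock=0 mirrors the quoted S_IFSOCK check. */
static int emit_rule(const char *path, const char *perms, int allow_sock)
{
    struct stat sb;
    int n;
    if (stat(path, &sb) < 0)
        return -1;
    if ((sb.st_mode & S_IFMT) == S_IFSOCK && !allow_sock)
        return 1;
    n = snprintf(last_rule, sizeof(last_rule), "  \"%s\" %s,\n", path, perms);
    return (n < 0 || (size_t)n >= sizeof(last_rule)) ? -1 : 0;
}

/* Constructed input: bind an AF_UNIX socket in a fresh temp directory,
 * run emit_rule() on it, clean up, and return emit_rule()'s result. */
int demo(int allow_sock)
{
    char dir[] = "/tmp/vhu_demo_XXXXXX", path[64];
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int fd, rc = -1;
    if (!mkdtemp(dir))
        return -1;
    snprintf(path, sizeof(path), "%s/uvh_vif_example", dir);
    strncpy(sa.sun_path, path, sizeof(sa.sun_path) - 1);
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd >= 0 && bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0)
        rc = emit_rule(path, "rw", allow_sock);
    if (fd >= 0)
        close(fd);
    unlink(path);
    rmdir(dir);
    return rc;
}

int main(void)
{
    printf("sockets restricted: rc=%d\n", demo(0));
    printf("sockets allowed:    rc=%d rule=%s", demo(1), last_rule);
}
```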
