From gren@redhat.com Thu Oct 25 02:44:21 2012
From: Guannan Ren <gren@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 25 Oct 2012 14:51:39 +0800
Message-Id: <1351147899-16519-4-git-send-email-gren@redhat.com>
In-Reply-To: <1351147899-16519-1-git-send-email-gren@redhat.com>
References: <1351147899-16519-1-git-send-email-gren@redhat.com>
Subject: [libvirt] [PATCH 3/3] apparmor: use AppArmorSetFDLabel for both
	imageFD and tapFD
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>

Rename AppArmorSetImageFDLabel to AppArmorSetFDLabel which could
be used as a common function for *ALL* fd relabelling in Linux.

In the apparmor profile for the specific vm with uuid cdbebdfa-1d6d-65c3-be0f-fd74b978a773
(path: /etc/apparmor.d/libvirt/libvirt-cdbebdfa-1d6d-65c3-be0f-fd74b978a773.files),
the last line is for the tapfd relabelling.

 # DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
  "/var/log/libvirt/**/rhel6qcow2.log" w,
  "/var/lib/libvirt/**/rhel6qcow2.monitor" rw,
  "/var/run/libvirt/**/rhel6qcow2.pid" rwk,
  "/run/libvirt/**/rhel6qcow2.pid" rwk,
  "/var/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
  "/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
  "/var/lib/libvirt/images/rhel6u3qcow2.img" rw,
  "/dev/tap45" rw,
---
 src/security/security_apparmor.c |   15 +++------------
 1 files changed, 3 insertions(+), 12 deletions(-)

Index: libvirt-1.0.1/src/security/security_apparmor.c
===================================================================
--- libvirt-1.0.1.orig/src/security/security_apparmor.c	2013-01-22 10:43:07.128737304 -0600
+++ libvirt-1.0.1/src/security/security_apparmor.c	2013-01-22 10:43:07.124737304 -0600
@@ -840,7 +840,7 @@
 }
 
 static int
-AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,
+AppArmorSetFDLabel(virSecurityManagerPtr mgr,
                         virDomainDefPtr def,
                         int fd)
 {
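
Review bot: The continuation lines `virDomainDefPtr def,` and `int fd)` are still indented for the old, longer name AppArmorSetImageFDLabel, so they no longer line up under the first parameter after the rename. Please re-indent them to sit under `virSecurityManagerPtr mgr`. Since the function is now meant for every kind of fd, a one-line comment above it saying so would also help the next reader.
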
@@ -871,16 +871,6 @@
     return reload_profile(mgr, def, fd_path, true);
 }
 
-/* TODO need code here */
-static int
-AppArmorSetTapFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-                      virDomainDefPtr def ATTRIBUTE_UNUSED,
-                      int fd ATTRIBUTE_UNUSED)
-{
-    return 0;
-}
-
-
 static char *
 AppArmorGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                         virDomainDefPtr vm ATTRIBUTE_UNUSED)
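
Review bot: Dropping the AppArmorSetTapFDLabel stub changes behaviour for tap fds beyond a rename. The stub always returned 0, whereas the shared function ends in `return reload_profile(mgr, def, fd_path, true);`, so tap setup can now fail and every tap fd adds an rw rule for whatever `fd_path` holds (`"/dev/tap45" rw,` in the commit message's example). Please confirm that the callers of domainSetSecurityTapFDLabel handle a non-zero return, and state in the commit message which paths are expected for tap fds other than the one in the example, so that the rule written into the per-VM profile is no broader than intended.
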
@@ -930,8 +920,8 @@
     .domainSetSavedStateLabel           = AppArmorSetSavedStateLabel,
     .domainRestoreSavedStateLabel       = AppArmorRestoreSavedStateLabel,
 
-    .domainSetSecurityImageFDLabel      = AppArmorSetImageFDLabel,
-    .domainSetSecurityTapFDLabel        = AppArmorSetTapFDLabel,
+    .domainSetSecurityImageFDLabel      = AppArmorSetFDLabel,
+    .domainSetSecurityTapFDLabel        = AppArmorSetFDLabel,
 
     .domainGetSecurityMountOptions      = AppArmorGetMountOptions,
 };
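
Review bot: The two callback slots `.domainSetSecurityImageFDLabel` and `.domainSetSecurityTapFDLabel` now share one handler, but nothing here records that this is deliberate. A short comment above the two assignments (or on AppArmorSetFDLabel itself) noting that the function labels any fd by its resolved path would make it clear that a later image-specific change to the handler also affects tap fds.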
