shaba/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-20 06:50:22 +03:00
Code Releases Activity

security: apparmor: Remove hardcoded "libvirtd" profile name

Browse Source 
The apparmor driver probe function checks for an active profile matching
the full path of the running daemon binary. If not found, it checks for
a profile named "libvirtd". This works fine when the running daemon is the
old monolithic libvirtd, but fails with modular daemons.

Remove the check for a hardcoded "libvirtd" profile and replace with the
basename of the running daemon binary.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Jim Fehlig 2025-01-03 20:44:19 -07:00
parent 6d3b877171
commit d2a39db35b
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/security/security_apparmor.c
View File

@ -239,7 +239,9 @@ use_apparmor(void)
*/
rc = profile_status(libvirt_daemon, 1);
if (rc < 0) {
rc = profile_status("libvirtd", 1);
g_autofree char *basename = g_path_get_basename(libvirt_daemon);
rc = profile_status(basename, 1);
/* Error or unconfined should all result in -1 */
if (rc < 0)
rc = -1;