[Bug 1704782] Re: qcow base image apparmor rule missing in artful

ChristianEhrhardt Mon, 17 Jul 2017 06:02:00 -0700

gdb break on "vah_add_file" which is the generic path adder for most calls.
A debuggable call is like:
  /usr/lib/libvirt/virt-aa-helper --create --dryrun --uuid 
'libvirt-0b4a7877-7bd2-4059-8ab3-9d02a763a682' < kvmguest-artful-normal.xml


Trace of the old code that added it is:
Breakpoint 1, add_file_path (disk=0x10005fb8d10, 
    path=0x10005fcd160 
"/var/lib/uvtool/libvirt/images/x-uvt-b64-Y29tLnVidW50dS5jbG91ZC5kYWlseTpzZXJ2ZXI6MTcuMTA6cHBjNjRlbCAyMDE3MDcxMw==",
 
    depth=1, opaque=0x3fffe38cb760) at 
../../../src/security/virt-aa-helper.c:894
894     in ../../../src/security/virt-aa-helper.c
(gdb) bt
#0  add_file_path (disk=0x10005fb8d10, 
    path=0x10005fcd160 
"/var/lib/uvtool/libvirt/images/x-uvt-b64-Y29tLnVidW50dS5jbG91ZC5kYWlseTpzZXJ2ZXI6MTcuMTA6cHBjNjRlbCAyMDE3MDcxMw==",
 
    depth=1, opaque=0x3fffe38cb760) at 
../../../src/security/virt-aa-helper.c:894
#1  0x00003fffa8977c50 in virDomainDiskDefForeachPath (disk=0x10005fb8d10, 
ignoreOpenFailure=<optimized out>, iter=0x2f121dc0 <add_file_path>, 
    opaque=0x3fffe38cb760) at ../../../src/conf/domain_conf.c:24875
#2  0x000000002f11cd80 in get_files (ctl=0x3fffe38cb778) at 
../../../src/security/virt-aa-helper.c:947
#3  vahParseArgv (argv=<optimized out>, argc=<optimized out>, 
ctl=0x3fffe38cb778) at ../../../src/security/virt-aa-helper.c:1260
#4  main (argc=<optimized out>, argv=<optimized out>) at 
../../../src/security/virt-aa-helper.c:1309


Uses the iterator of "virDomainDiskDefForeachPath" with a call from aa-helper
  virDomainDiskDefForeachPath(disk, true, add_file_path, &buf)

The code around that is still the same, but there is a difference
Old:
24871         /* execute the callback only for local storage */                 
       
24872         if (actualType != VIR_STORAGE_TYPE_NETWORK &&                     
       
24873             actualType != VIR_STORAGE_TYPE_VOLUME &&                      
       
24874             tmp->path) {                                                  
       
24875             if (iter(disk, tmp->path, depth, opaque) < 0)
New:
26003         /* execute the callback only for local storage */                 
       
26004         if (virStorageSourceIsLocalStorage(tmp) &&                        
       
26005             tmp->path) {                                                  
       
26006             if (iter(disk, tmp->path, depth, opaque) < 0)

The new function defaults to false and there are various conditions that might 
not more call the iterator now.
Assumption is that the base file is one of them.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1704782

Title:
  qcow base image apparmor rule missing in artful

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1704782/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1704782] Re: qcow base image apparmor rule missing in artful

Reply via email to