On Tue, 2025-01-14 at 12:13 -0600, Andrea Bolognani wrote:
> On Wed, Jan 08, 2025 at 11:06:54AM -0700, Jim Fehlig wrote:
> > On 1/8/25 06:50, Georgia Garcia wrote:
> > > On Tue, 2025-01-07 at 17:29 -0700, Jim Fehlig wrote:
> > > > On 1/7/25 08:23, Georgia Garcia w
On Tue, 2025-01-07 at 17:29 -0700, Jim Fehlig wrote:
> On 1/7/25 08:23, Georgia Garcia wrote:
> > Some rules are generated dynamically during boot and added to the
> > AppArmor policy. An example of that is macvtap devices that call the
> > AppArmorSetFDLabel hook to add a ru
On Tue, 2025-01-07 at 17:04 -0700, Jim Fehlig wrote:
> On 1/7/25 08:23, Georgia Garcia wrote:
> > There is a common misconception when writing AppArmor policy that
> > [0-9]* applies * to the [0-9] class, but that's not the case. For this
> > example, [0-9]* matches a si
ncluded by
libvirt-uuid.files that already exists. It also includes other fixes
like memory leaks, adoption of the GLib API in the apparmor files and
a fix on the AppArmor policy that incorrectly applies apparmor policy
syntax.
Georgia Garcia (4):
security_apparmor: fix memleaks in AppArmorSetFDLabel
On Mon, 2025-01-06 at 17:59 -0700, Jim Fehlig wrote:
> On 11/13/24 07:28, Georgia Garcia wrote:
> > There is a common misconception when writing AppArmor policy that
> > [0-9]* applies * to the [0-9] class, but that's not the case. For this
> > example, [0-9]* matches
labels, so that
information is not removed from the set of rules while the domain is
running.
Closes: https://gitlab.com/libvirt/libvirt/-/issues/692
Signed-off-by: Georgia Garcia
---
src/security/security_apparmor.c | 38 +++
src/security/virt-aa-h
-4-12.
Signed-off-by: Georgia Garcia
---
src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in | 5 -
src/security/apparmor/usr.sbin.libvirtd.in | 7 +--
src/security/apparmor/usr.sbin.virtqemud.in | 6 --
3 files changed, 13 insertions(+), 5 deletions(-)
diff --
Moving towards full adoption of GLib APIs in the AppArmor code.
Signed-off-by: Georgia Garcia
Reviewed-by: Jim Fehlig
---
src/security/security_apparmor.c | 42 +
src/security/virt-aa-helper.c| 100 ++-
2 files changed, 46 insertions(+), 96
proc and fd_path are allocated but never freed. Fix by using
g_autofree instead.
Fixes: b9757fea30785a92aa95ea675b9bc371e4fb2e8c
Signed-off-by: Georgia Garcia
Reviewed-by: Jim Fehlig
---
src/security/security_apparmor.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a
On Wed, 2024-11-13 at 11:28 -0300, Georgia Garcia wrote:
> Some rules are generated dynamically during boot and added to the
> AppArmor policy. An example of that is macvtap devices that call the
> AppArmorSetFDLabel hook to add a rule for the tap device path.
>
> Since this
proc and fd_path are allocated but never freed. Fix by using
g_autofree instead.
Fixes: b9757fea30785a92aa95ea675b9bc371e4fb2e8c
Signed-off-by: Georgia Garcia
---
src/security/security_apparmor.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/security
labels, so that
information is not removed from the set of rules while the domain is
running.
Closes: https://gitlab.com/libvirt/libvirt/-/issues/692
Signed-off-by: Georgia Garcia
---
src/security/security_apparmor.c | 38 +++
src/security/virt-aa-h
-4-12.
Signed-off-by: Georgia Garcia
---
src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in | 5 -
src/security/apparmor/usr.sbin.libvirtd.in | 7 +--
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in
Moving towards full adoption of GLib APIs in the AppArmor code.
Signed-off-by: Georgia Garcia
---
src/security/security_apparmor.c | 41 -
src/security/virt-aa-helper.c| 100 ++-
2 files changed, 45 insertions(+), 96 deletions(-)
diff --git a/src
ncluded by
libvirt-uuid.files that already exists. It also includes other fixes
like memory leaks, adoption of the GLib API in the apparmor files and
a fix on the AppArmor policy that incorrectly applies apparmor policy
syntax.
Georgia Garcia (4):
security_apparmor: fix memleaks in AppArmorSetFDLabel
Hi Peter,
On Mon, 2024-11-11 at 09:48 +0100, Peter Krempa wrote:
> On Fri, Nov 08, 2024 at 15:58:35 -0300, Georgia Garcia wrote:
> > Some rules are generated dynamically during boot and added to the
> > AppArmor policy. An example of that is macvtap devices that call the
> >
peration.
Note that there are no hooks for restoring FD labels, so that
information is not removed from the set of rules while the domain is
running.
Closes: https://gitlab.com/libvirt/libvirt/-/issues/692
Signed-off-by: Georgia Garcia
---
src/security/security_a
On Mon, 2024-06-10 at 15:03 +0200, Michal Prívozník wrote:
> On 6/4/24 19:34, Georgia Garcia wrote:
> > Change the 'include' in the AppArmor policy to use 'include if exists'
> > when including .files. Note that 'if exists' is only available
> > a
ools like the following, since they expect the file to exist
when using 'include':
ERROR: Include file
/etc/apparmor.d/libvirt/libvirt-8534a409-a460-4fab-a2dd-0e1dce4ff273.files not
found
Signed-off-by: Georgia Garcia
---
src/security/virt-aa-helper.c | 7 ++-
1 file changed, 6
19 matches