From nobody Thu May 15 21:05:15 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1505922490638810.9237129100712; Wed, 20 Sep 2017 08:48:10 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 415CB7E42B; Wed, 20 Sep 2017 15:48:09 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 20E1B60E3B; Wed, 20 Sep 2017 15:48:09 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id DD2141855943; Wed, 20 Sep 2017 15:48:08 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v8KExJAf027937 for ; Wed, 20 Sep 2017 10:59:19 -0400 Received: by smtp.corp.redhat.com (Postfix) id 353BF6063A; Wed, 20 Sep 2017 14:59:19 +0000 (UTC) Received: from mx1.redhat.com (ext-mx06.extmail.prod.ext.phx2.redhat.com [10.5.110.30]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 3038760BE3 for ; Wed, 20 Sep 2017 14:59:16 +0000 (UTC) Received: from youngberry.canonical.com (youngberry.canonical.com [91.189.89.112]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3930F267D4 for ; Wed, 20 Sep 2017 14:59:16 +0000 (UTC) Received: from 167-139-067-156.ip-addr.inexio.net ([156.67.139.167] helo=lap.fritz.box) by youngberry.canonical.com with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1dugT5-0001Vi-39; Wed, 20 Sep 2017 14:59:15 +0000 DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 415CB7E42B Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; dmarc=fail (p=none dis=none) header.from=canonical.com Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 415CB7E42B DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 3930F267D4 Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; dmarc=fail (p=none dis=none) header.from=canonical.com Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; spf=none smtp.mailfrom=christian.ehrhardt@canonical.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 3930F267D4 From: Christian Ehrhardt To: Libvirt Devel Date: Wed, 20 Sep 2017 16:59:09 +0200 Message-Id: <1505919549-19756-5-git-send-email-christian.ehrhardt@canonical.com> In-Reply-To: <1505919549-19756-1-git-send-email-christian.ehrhardt@canonical.com> References: <1505919549-19756-1-git-send-email-christian.ehrhardt@canonical.com> X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 205 matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Wed, 20 Sep 2017 14:59:16 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Wed, 20 Sep 2017 14:59:16 +0000 (UTC) for IP:'91.189.89.112' DOMAIN:'youngberry.canonical.com' HELO:'youngberry.canonical.com' FROM:'christian.ehrhardt@canonical.com' RCPT:'' X-RedHat-Spam-Score: -2.321 (RCVD_IN_DNSWL_MED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, RP_MATCHES_RCVD) 91.189.89.112 youngberry.canonical.com 91.189.89.112 youngberry.canonical.com X-Scanned-By: MIMEDefang 2.78 on 10.5.110.30 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-loop: libvir-list@redhat.com Cc: Jamie Strandboge , Guido Guenther , Christian Ehrhardt Subject: [libvirt] [PATCH 4/4] virt-aa-helper: put static rules in quotes X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Wed, 20 Sep 2017 15:48:09 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" To avoid any issues later on if paths ever change (unlikely but possible) and to match the style of other generated rules the paths of the static rules have to be quoted as well. Signed-off-by: Christian Ehrhardt --- src/security/virt-aa-helper.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 5f4519d..95906e6 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1149,11 +1149,11 @@ get_files(vahControl * ctl) } } if (needsvhost) - virBufferAddLit(&buf, " /dev/vhost-net rw,\n"); + virBufferAddLit(&buf, " \"/dev/vhost-net\" rw,\n"); =20 if (needsVfio) { - virBufferAddLit(&buf, " /dev/vfio/vfio rw,\n"); - virBufferAddLit(&buf, " /dev/vfio/[0-9]* rw,\n"); + virBufferAddLit(&buf, " \"/dev/vfio/vfio\" rw,\n"); + virBufferAddLit(&buf, " \"/dev/vfio/[0-9]*\" rw,\n"); } =20 if (ctl->newfile) --=20 2.7.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list