I now have an upstreamable patch that I will be uploading to Ubuntu shortly. It adds tests to the build suite and passes QRT (with the newly ..._console_pipe() test):
Description: fix AppArmor driver for pipe character devices
The AppArmor security driver adds only the path specified in the domain XML
for character devices of type 'pipe'. It should be using <path>.in and
<path>.out. We do this by creating a new vah_add_file_chardev() and use
it for char devices instead of vah_add_file(). Also adjust valid_path() to
accept S_FIFO (since qemu chardevs of type 'pipe' use fifos).
I now have an upstreamable patch that I will be uploading to Ubuntu shortly. It adds tests to the build suite and passes QRT (with the newly ..._console_pipe() test): file_chardev( ) and use
Description: fix AppArmor driver for pipe character devices
The AppArmor security driver adds only the path specified in the domain XML
for character devices of type 'pipe'. It should be using <path>.in and
<path>.out. We do this by creating a new vah_add_
it for char devices instead of vah_add_file(). Also adjust valid_path() to
accept S_FIFO (since qemu chardevs of type 'pipe' use fifos).