[libvirt] virSecurity hook for hugepages?

Serge Hallyn serge.hallyn at canonical.com
Mon Dec 3 15:26:04 UTC 2012


Hi,

Currently the hugepages support can automatically detect the hugepages
mount, but it doesn't update the security information. At least for
AppArmor we need to be able to add permission for the domain to access
the hugetlbfs mount path.

There are a few ways this could be done:

1. add a virSecuritySetSecurityHugepages or virSecuritySetSecurityHugepagesFD
hook which is called perhaps at qemudStartup

2. optionally add the qemu_driver->hugepage_path to the XML output, at
least for the internal format (which is passed to virt-aa-helper).  The
concern I have with this is that it brings up the issue of what to do
when defining a domain which has such an entry.

3. reproduce the logic in virt-aa-helper for detecting the hugepages
mount path.  Not preferred obviously.

My guess would be that (1) would be preferred, but I wanted to ask here
first and see if there are other suggestions.

thanks,
-serge
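
Whichever option is chosen, the security driver has to learn the hugetlbfs mount point and turn it into a profile rule for the domain. The following is an added example, not libvirt or virt-aa-helper code: the function names, the sample mounts text and the `"<mount>/**" rw,` rule shape are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define OCT(c) ((c) >= '0' && (c) <= '7')

/* Constructed sample in /proc/mounts format; \040 is the kernel's escape for a space. */
static const char SAMPLE_MOUNTS[] =
    "proc /proc proc rw,nosuid 0 0\n"
    "hugetlbfs /mnt/huge\\040pages hugetlbfs rw,relatime 0 0\n";

/* Decode the \ooo octal escapes used in /proc/mounts, in place. */
static void unescape(char *s) {
    char *w = s;
    for (; *s; s++, w++) {
        *w = *s;
        if (s[0] == '\\' && OCT(s[1]) && OCT(s[2]) && OCT(s[3])) {
            *w = (char)((s[1] - '0') * 64 + (s[2] - '0') * 8 + (s[3] - '0'));
            s += 3;
        }
    }
    *w = '\0';
}

/* Copy the first hugetlbfs mount point into dir; assumes well-formed six-field lines. */
int find_hugetlbfs(const char *mounts, char *dir, size_t len) {
    char dev[256], mnt[256], type[64];
    for (const char *p = mounts; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : p) {
        if (sscanf(p, "%255s %255s %63s", dev, mnt, type) != 3 ||
            strcmp(type, "hugetlbfs") != 0)
            continue;
        unescape(mnt);
        return (size_t)snprintf(dir, len, "%s", mnt) < len ? 0 : -1;
    }
    return -1;
}

/* Build a quoted AppArmor file rule; reject characters that could change the rule. */
int hugepage_rule(const char *dir, char *rule, size_t len) {
    if (dir[0] != '/' || strpbrk(dir, "\"\\*?[]{}\n"))
        return -1;
    int n = snprintf(rule, len, "  \"%s/**\" rw,", dir);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void) {
    char dir[256], rule[300];
    if (!find_hugetlbfs(SAMPLE_MOUNTS, dir, sizeof dir) && !hugepage_rule(dir, rule, sizeof rule))
        puts(rule);
    return 0;
}
```

The path check matters because the mount point is host-controlled text that ends up inside a policy file: an unescaped quote or glob character would widen the rule beyond the hugetlbfs directory.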
