[libvirt] [PATCH v2] Fix apparmor profile to make vfio pci passthrough work

[Eric Blake]

On 03/25/2014 03:27 PM, Serge Hallyn wrote:
> Quoting Cedric Bosdonnat (cbosdonnat at suse.com):
>> On Tue, 2014-03-25 at 10:40 -0500, Serge Hallyn wrote:
>>> Quoting Cédric Bosdonnat (cbosdonnat at suse.com):
>>>> See lp#1276719 for the bug description. As virt-aa-helper doesn't know
>>>> the VFIO groups to use for the guest, allow access to all
>>>> /dev/vfio/[0-9]* and /dev/vfio/vfio files if there is a potential need
>>>> for vfio
>>>> ---
>>>
>>> Thanks, Cédric!  Looks good to me.  Still needs a signed-off-by from you
>>> (I assume), but
>>>
>>> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>>
>> I wasn't aware I needed to sign-off my patches, but I can resubmit with
>> it ;)
> 
> Actually it looks like I'm wrong, libvirt doesn't require them:
> 
> http://libvirt.org/hacking.html  (point 3)
> 
> I've pushed this patch to ppa:ubuntu-virt/candidate, which is meant to
> go into trusty when qemu 2.0 is released.

> +    if (needsVfio) {
> +        virBufferAsprintf(&buf, "  /dev/vfio/vfio rw,\n");
> +        virBufferAsprintf(&buf, "  /dev/vfio/[0-9]* rw,\n");

virBufferAsprintf should only be used with % format strings.  This fails
'make syntax-check':

prohibit_virBufferAsprintf_with_string_literal
src/security/virt-aa-helper.c:1107:        virBufferAsprintf(&buf, "
/dev/vfio/vfio rw,\n");
src/security/virt-aa-helper.c:1108:        virBufferAsprintf(&buf, "
/dev/vfio/[0-9]* rw,\n");
maint.mk: use virBufferAddLit, not virBufferAsprintf, with a string literal

I made the obvious change, and pushed in time for 1.2.3.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 604 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20140327/a3631e18/attachment-0001.sig>