[libvirt] [PATCH v2] security: aa-helper: fix static defined vfio MDEVs
Erik Skultety
eskultet at redhat.com
Thu Nov 22 13:20:30 UTC 2018
On Thu, Nov 22, 2018 at 01:55:02PM +0100, Christian Ehrhardt wrote:
> virt-aa-helper needs to grant QEMU access to VFIO MDEV devices.
>
> This extends commit 74e86b6b which only covered PCI hostdevs for VFIO-PCI
> assignment by now also covering vfio MDEVs.
> It has still the same limitations regarding the device lifecycle, IOW we're
> unable to predict the actual VFIO device being created, thus we need
> wildcards.
>
> Also note that the hotplug case, where apparmor is able to detect the actual
> VFIO device during runtime, is already covered by commit 606afafb.
>
> Signed-off-by: Christian Ehrhardt <christian.ehrhardt at canonical.com>
> Reviewed-by: Erik Skultety <eskultet at redhat.com>
> Reviewed-by: Boris Fiuczynski <fiuczy at linux.ibm.com>
> ---
I'm sorry if I sounded like I need to see a v2, I just wanted to give other
people time to look at it too before I merge it.
Anyhow, I merged the patch.
Thanks,
Erik
More information about the libvir-list
mailing list