[libvirt] [PATCH] security: aa-helper: fix static defined vfio MDEVs
Boris Fiuczynski
fiuczy at linux.ibm.com
Thu Nov 22 11:50:29 UTC 2018
On 11/22/18 11:32 AM, Christian Ehrhardt wrote:
> On Thu, Nov 22, 2018 at 11:27 AM Christian Ehrhardt <
> christian.ehrhardt at canonical.com> wrote:
>
>> For vfio MDEVs we need to allow qemu the vfio access in apparmor.
>>
>> This is extending the older fix 74e86b6b: "Fix apparmor profile
>> to make vfio pci passthrough work" which was for VFIO PCI
>> passthrough on static hostdevs to now also cover vfio MDEVs.
>> It is having the same limitations of the lifecycle at that time
>> being unable to detect the actual vfio device and therefore
>> adds a wildcars.
>>
>
> obviously wildcards - not afraid of bad traffic, but not worth a V2.
> Fixed locally already as well as the first line which had the word "access"
> twice.
>
> Waiting for feedback to make a V2 with actual (not just commit words)
> changes as needed.
Since the code changes except for vfio-ccw seem to be in line with the
ppa I tested already
Reviewed-by: Boris Fiuczynski <fiuczy at linux.ibm.com>
>
> P.S. @Boris as I know you are affected by missing this I you to CC on the
> thread as well. Enjoy my typos :-/
I sure am! :)
>
>
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
>
--
Mit freundlichen Grüßen/Kind regards
Boris Fiuczynski
IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Martina Köderitz
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
More information about the libvir-list
mailing list