[PATCH v14 14/15] security_dac: Set DAC label on SGX /dev nodes

Peter Krempa pkrempa at redhat.com
Thu Jul 28 12:46:32 UTC 2022


On Wed, Jul 27, 2022 at 12:35:00 +0200, Michal Privoznik wrote:
> As advertised in previous commits, QEMU needs to access
> /dev/sgx_vepc and /dev/sgx_provision files when SGX memory
> backend is configured. And if it weren't for QEMU's namespaces,
> we wouldn't dare to relabel them, because they are system wide
> files. But if namespaces are used, then we can set label on
> domain's private copies, just like we do for /dev/sev.
> 
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> ---
>  src/security/security_dac.c | 46 ++++++++++++++++++++++---------------
>  1 file changed, 28 insertions(+), 18 deletions(-)

Reviewed-by: Peter Krempa <pkrempa at redhat.com>

Isn't something similar needed also for the apparmor driver?

