List:       libvir-list
Subject:    Re: [PATCH v14 14/15] security_dac: Set DAC label on SGX /dev nodes
From:       Peter Krempa <pkrempa () redhat ! com>
Date:       2022-07-28 12:46:32
Message-ID: YuKFKN63ChRbCw3d () angien ! pipo ! sk

On Wed, Jul 27, 2022 at 12:35:00 +0200, Michal Privoznik wrote:
> As advertised in previous commits, QEMU needs to access
> /dev/sgx_vepc and /dev/sgx_provision files when SGX memory
> backend is configured. And if it weren't for QEMU's namespaces,
> we wouldn't dare to relabel them, because they are system wide
> files. But if namespaces are used, then we can set label on
> domain's private copies, just like we do for /dev/sev.
> 
> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
> ---
>  src/security/security_dac.c | 46 ++++++++++++++++++++++---------------
>  1 file changed, 28 insertions(+), 18 deletions(-)

Reviewed-by: Peter Krempa <pkrempa@redhat.com>

Isn't something similar needed also for the apparmor driver?
