[prev in list] [next in list] [prev in thread] [next in thread]
List: libvir-list
Subject: Re: [PATCH v14 14/15] security_dac: Set DAC label on SGX /dev nodes
From: Peter Krempa <pkrempa () redhat ! com>
Date: 2022-07-28 12:46:32
Message-ID: YuKFKN63ChRbCw3d () angien ! pipo ! sk
[Download RAW message or body]
On Wed, Jul 27, 2022 at 12:35:00 +0200, Michal Privoznik wrote:
> As advertised in previous commits, QEMU needs to access
> /dev/sgx_vepc and /dev/sgx_provision files when SGX memory
> backend is configured. And if it weren't for QEMU's namespaces,
> we wouldn't dare to relabel them, because they are system wide
> files. But if namespaces are used, then we can set label on
> domain's private copies, just like we do for /dev/sev.
>
> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
> ---
> src/security/security_dac.c | 46 ++++++++++++++++++++++---------------
> 1 file changed, 28 insertions(+), 18 deletions(-)
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Isn't something similar needed also for the apparmor driver?
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic