mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-03-07 17:28:15 +00:00
Commit dbf1f68410 ("security: do not remember/recall labels for VFIO") rightly changed the DAC and SELinux labeling parameters to fix a problem with "VFIO hostdevs" but really only addressed the PCI codepaths. As a result, we can still encounter this with VFIO MDEVs such as vfio-ccw and vfio-ap, which can fail on a hotplug: [test@host ~]# mdevctl stop -u 11f2d2bc-4083-431d-a023-eff72715c4f0 [test@host ~]# mdevctl start -u 11f2d2bc-4083-431d-a023-eff72715c4f0 [test@host ~]# cat disk.xml <hostdev mode='subsystem' type='mdev' model='vfio-ccw'> <source> <address uuid='11f2d2bc-4083-431d-a023-eff72715c4f0'/> </source> <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x3c51'/> </hostdev> [test@host ~]# virsh attach-device guest ~/disk.xml error: Failed to attach device from /home/test/disk.xml error: Requested operation is not valid: Setting different SELinux label on /dev/vfio/3 which is already in use Make the same changes as reported in commit dbf1f68410, for the mdev paths. Reported-by: Matthew Rosato <mjrosato@linux.ibm.com> Signed-off-by: Eric Farman <farman@linux.ibm.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>