External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-11-02 11:21:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
ee32939fff
libvirt/src/security
History
Christian Ehrhardt ef6bbfff78 security: aa-helper: Fix static defined vfio MDEVs 
virt-aa-helper needs to grant QEMU access to VFIO MDEV devices.

This extends commit 74e86b6b which only covered PCI hostdevs for VFIO-PCI
assignment by now also covering vfio MDEVs.
It has still the same limitations regarding the device lifecycle, IOW we're
unable to predict the actual VFIO device being created, thus we need
wildcards.

Also note that the hotplug case, where apparmor is able to detect the actual
VFIO device during runtime, is already covered by commit 606afafb.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
2018-11-22 14:19:54 +01:00
..
Makefile.inc.am make: split security driver build rules into security/Makefile.inc.am 2018-03-05 17:12:01 +00:00
security_apparmor.c src: More cleanup of some system headers already contained in internal.h 2018-09-20 10:16:39 +02:00
security_apparmor.h
security_dac.c security_manager: Rework metadata locking 2018-11-16 13:42:39 +01:00
security_dac.h security: add MANAGER_MOUNT_NAMESPACE flag 2017-09-12 12:27:42 -04:00
security_driver.c src: More cleanup of some system headers already contained in internal.h 2018-09-20 10:16:39 +02:00
security_driver.h virSecurityManagerTransactionCommit: Do metadata locking iff enabled in config 2018-11-16 13:42:38 +01:00
security_manager.c Revert "security_manager: Load lock plugin on init" 2018-11-16 13:42:39 +01:00
security_manager.h Revert "security_manager: Load lock plugin on init" 2018-11-16 13:42:39 +01:00
security_nop.c security: introduce virSecurityManager(Set|Restore)ChardevLabel 2017-12-05 13:54:48 +01:00
security_nop.h
security_selinux.c security_manager: Rework metadata locking 2018-11-16 13:42:39 +01:00
security_selinux.h
security_stack.c virSecurityManagerTransactionCommit: Do metadata locking iff enabled in config 2018-11-16 13:42:38 +01:00
security_stack.h
virt-aa-helper.c security: aa-helper: Fix static defined vfio MDEVs 2018-11-22 14:19:54 +01:00