When a vhost scsi device is hotplugged virt-aa-helper is called to
add the respective path.
For example the config:
<hostdev mode='subsystem' type='scsi_host' managed='no'>
<source protocol='vhost' wwpn='naa.50014059de6fba4f'/>
</hostdev>
Will call it to add:
/sys/kernel/config/target/vhost//naa.50014059de6fba4f
But in general /sys paths are filtered in virt-aa-helper.c:valid_path
To allow the path used for vhost-scsi we need to add it to the list of
known and accepted overrides.
Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1829223
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx>
---
src/security/virt-aa-helper.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index d0fe86cefc..ad9a7dda94 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -510,8 +510,9 @@ valid_path(const char *path, const bool readonly)
};
/* override the above with these */
const char * const override[] = {
- "/sys/devices/pci", /* for hostdev pci devices */
- "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */
+ "/sys/devices/pci", /* for hostdev pci devices */
+ "/sys/kernel/config/target/vhost", /* for hostdev vhost_scsi devices */
+ "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */
};
const int nropaths = ARRAY_CARDINALITY(restricted);
--
2.21.0
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
