On Wed, May 15, 2019 at 04:11:34PM +0200, Christian Ehrhardt wrote: > When a vhost scsi device is hotplugged virt-aa-helper is called to > add the respective path. > For example the config: > <hostdev mode='subsystem' type='scsi_host' managed='no'> > <source protocol='vhost' wwpn='naa.50014059de6fba4f'/> > </hostdev> > Will call it to add: > /sys/kernel/config/target/vhost//naa.50014059de6fba4f > > But in general /sys paths are filtered in virt-aa-helper.c:valid_path > To allow the path used for vhost-scsi we need to add it to the list of > known and accepted overrides. > > Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1829223 > > Signed-off-by: Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx> > --- > src/security/virt-aa-helper.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c > index d0fe86cefc..ad9a7dda94 100644 > --- a/src/security/virt-aa-helper.c > +++ b/src/security/virt-aa-helper.c > @@ -510,8 +510,9 @@ valid_path(const char *path, const bool readonly) > }; > /* override the above with these */ > const char * const override[] = { > - "/sys/devices/pci", /* for hostdev pci devices */ > - "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */ > + "/sys/devices/pci", /* for hostdev pci devices */ > + "/sys/kernel/config/target/vhost", /* for hostdev vhost_scsi devices */ > + "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */ FYI for a future patch you can purge this directory as I killed the libvirt sandbox services concept, as it is a failed experiment. For this specific patch though Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
