Re: [PATCH] Allow VM to read sysfs PCI config, revision files

Oops, I didn't intend for the commit author email to be gitlab@xxxxxxxxxxxxxx here. Would you please use c@xxxxxxxxxxxxxx as the author of the patch?

On Wed, May 11, 2022, 6:09 PM Max Goodhart <c@xxxxxxxxxxxxxx> wrote:
From: Max Goodhart <gitlab@xxxxxxxxxxxxxx>

This fixes a blank screen when viewing a VM with virtio graphics and
gl-accelerated Spice display on Ubuntu 22.04 / libvirt 8.0.0 / qemu 6.2.

Without these AppArmor permissions, the libvirt error log contains
repetitions of:

qemu_spice_gl_scanout_texture: failed to get fd for texture

This appears to be similar to this GNOME Boxes issue:
https://gitlab.gnome.org/GNOME/gnome-boxes/-/issues/586

Signed-off-by: Max Goodhart <c@xxxxxxxxxxxxxx>
---
 src/security/virt-aa-helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 1f1cce8b3d..b314d2a059 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1316,7 +1316,7 @@ get_files(vahControl * ctl)
         virBufferAddLit(&buf, "  \"/dev/nvidiactl\" rw,\n");
         virBufferAddLit(&buf, "  # Probe DRI device attributes\n");
         virBufferAddLit(&buf, "  \"/dev/dri/\" r,\n");
-        virBufferAddLit(&buf, "  \"/sys/devices/**/{uevent,vendor,device,subsystem_vendor,subsystem_device}\" r,\n");
+        virBufferAddLit(&buf, "  \"/sys/devices/**/{uevent,vendor,device,subsystem_vendor,subsystem_device,config,revision}\" r,\n");
         virBufferAddLit(&buf, "  # dri libs will trigger that, but t is not requited and DAC would deny it anyway\n");
         virBufferAddLit(&buf, "  deny \"/var/lib/libvirt/.cache/\" w,\n");
     }
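Review bot: the two names added to the brace list on the `+` line sit under the `/sys/devices/**/` prefix, so `config` and `revision` become readable on any node under /sys/devices that has a file by that name, while the subject line is about PCI config and revision files only. Consider limiting the new names to the PCI subtree, for example with their own rule under a `/sys/devices/pci*/**/` prefix, rather than widening the existing catch-all glob. It would also help to extend the generated `# Probe DRI device attributes` comment to say why `config` is read (the `qemu_spice_gl_scanout_texture` failure from the commit message), since someone auditing the emitted profile will not see that reason in the rule itself.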
--
2.34.1

