On Wed, Jul 27, 2022 at 12:35:00 +0200, Michal Privoznik wrote:
> As advertised in previous commits, QEMU needs to access
> /dev/sgx_vepc and /dev/sgx_provision files when SGX memory
> backend is configured. And if it weren't for QEMU's namespaces,
> we wouldn't dare to relabel them, because they are system wide
> files. But if namespaces are used, then we can set label on
> domain's private copies, just like we do for /dev/sev.
>
> Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
> ---
> src/security/security_dac.c | 46 ++++++++++++++++++++++---------------
> 1 file changed, 28 insertions(+), 18 deletions(-)

Reviewed-by: Peter Krempa <pkrempa@xxxxxxxxxx>

Isn't something similar needed also for the apparmor driver?