Re: [PATCH v14 14/15] security_dac: Set DAC label on SGX /dev nodes

On Wed, Jul 27, 2022 at 12:35:00 +0200, Michal Privoznik wrote:
> As advertised in previous commits, QEMU needs to access
> /dev/sgx_vepc and /dev/sgx_provision files when SGX memory
> backend is configured. And if it weren't for QEMU's namespaces,
> we wouldn't dare to relabel them, because they are system wide
> files. But if namespaces are used, then we can set label on
> domain's private copies, just like we do for /dev/sev.
> 
> Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
> ---
>  src/security/security_dac.c | 46 ++++++++++++++++++++++---------------
>  1 file changed, 28 insertions(+), 18 deletions(-)

Reviewed-by: Peter Krempa <pkrempa@xxxxxxxxxx>

Isn't something similar needed also for the apparmor driver?



