On Thu, 2023-04-13 at 16:35 +0200, Michal Prívozník wrote:
> On 4/1/23 02:42, Eric Farman wrote:
> > Commit dbf1f68410 ("security: do not remember/recall labels for VFIO")
> > rightly changed the DAC and SELinux labeling parameters to fix a problem
> > with "VFIO hostdevs" but really only addressed the PCI codepaths.
> > As a result, we can still encounter this with VFIO MDEVs such as
> > vfio-ccw and vfio-ap, which can fail on a hotplug:
> >
> >   [test@host ~]# mdevctl stop -u 11f2d2bc-4083-431d-a023-eff72715c4f0
> >   [test@host ~]# mdevctl start -u 11f2d2bc-4083-431d-a023-eff72715c4f0
> >   [test@host ~]# cat disk.xml
> >     <hostdev mode='subsystem' type='mdev' model='vfio-ccw'>
> >       <source>
> >         <address uuid='11f2d2bc-4083-431d-a023-eff72715c4f0'/>
> >       </source>
> >       <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x3c51'/>
> >     </hostdev>
> >   [test@host ~]# virsh attach-device guest ~/disk.xml
> >   error: Failed to attach device from /home/test/disk.xml
> >   error: Requested operation is not valid: Setting different SELinux label on /dev/vfio/3 which is already in use
> >
> > Make the same changes as reported in commit dbf1f68410, for the
> > mdev paths.
> >
> > Reported-by: Matthew Rosato <mjrosato@xxxxxxxxxxxxx>
> > Signed-off-by: Eric Farman <farman@xxxxxxxxxxxxx>
> > ---
> >  src/security/security_dac.c     | 4 ++--
> >  src/security/security_selinux.c | 4 ++--
> >  2 files changed, 4 insertions(+), 4 deletions(-)
>
> Oops, sorry for the delay. I marked for review when I saw this patch,
> but then got side tracked and forgot about it.

Not a problem; thank you for the review/push!

Eric

>
> Reviewed-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
>
> and pushed.
>
> Michal
>