virSecurity hook for hugepages?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

Currently the hugepages support can automatically detect the hugepages
mount, but it doesn't update the security information.  At least for
apparmor we need to be able to add permission for the domain to access
the hugetlbfs mount path.

There are a few ways this could be done,

1. add a virSecuritySetSecurityHugepages or virSecuritySetSecurityHugepagesFD
hook which is called perhaps at qemudStartup

2. optionally add the qemu_driver->hugepage_path to the xml output, at
least for the internal format (which is passed to virt-aa-helper).  The
concern I have with this is that it brings up the issue of what to do
when defining a domain which has such an entry.

3. reproduce the logic in virt-aa-helper for detecting the hugepages
mount path.  Not preferred obviously.

My guess would be that (1) would be preferred, but I wanted to ask here
first and see if there are other suggestions.

thanks,
-serge

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]