When a vhost scsi device is hotplugged virt-aa-helper is called to
add the respective path.
For example the config:
<hostdev mode='subsystem' type='scsi_host' managed='no'>
<source protocol='vhost' wwpn='naa.50014059de6fba4f'/>
</hostdev>
Will call it to add:
/sys/kernel/config/target/vhost//naa.50014059de6fba4f
But in general /sys paths are filtered in virt-aa-helper.c:valid_path
To allow the path used for vhost-scsi we need to add it to the list of
known and accepted overrides.
Fixes:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1829223
Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com>
---
src/security/virt-aa-helper.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index d0fe86cefc..ad9a7dda94 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -510,8 +510,9 @@ valid_path(const char *path, const bool readonly)
};
/* override the above with these */
const char * const override[] = {
- "/sys/devices/pci", /* for hostdev pci devices */
- "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config
*/
+ "/sys/devices/pci", /* for hostdev pci devices */
+ "/sys/kernel/config/target/vhost", /* for hostdev vhost_scsi devices
*/
+ "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config
*/
FYI for a future patch you can purge this directory as I killed the libvirt
sandbox services concept, as it is a failed experiment.
For this specific patch though
Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com>
Regards,
Daniel
--
|: