Re: [PATCH] apparmor: Allow SGX if configured

If SGX memory model is configured for domain then we need to allow QEMU access some additional files: 1) /dev/sgx_vepc needs to be RW 2) /dev/sgx_provision needs to be RO We already do this in SELinux driver but not in AppArmor. Resolves: https://gitlab.com/libvirt/libvirt/-/issues/751 Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com&gt; --- I've tested this successfully on my ubuntu machine. src/security/virt-aa-helper.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)