25 Feb
2025
25 Feb
'25
5:45 a.m.
On a Tuesday in 2025, Michal Privoznik wrote:
If SGX memory model is configured for domain then we need to allow QEMU access some additional files:
1) /dev/sgx_vepc needs to be RW 2) /dev/sgx_provision needs to be RO
We already do this in SELinux driver but not in AppArmor.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/751
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> ---
I've tested this successfully on my ubuntu machine.
src/security/virt-aa-helper.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano