Re: [PATCH v14 14/15] security_dac: Set DAC label on SGX /dev nodes
On Wed, Jul 27, 2022 at 12:35:00 +0200, Michal Privoznik wrote:
As advertised in previous commits, QEMU needs to access
/dev/sgx_vepc and /dev/sgx_provision files when SGX memory
backend is configured. And if it weren't for QEMU's namespaces,
we wouldn't dare to relabel them, because they are system wide
files. But if namespaces are used, then we can set label on
domain's private copies, just like we do for /dev/sev.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/security/security_dac.c | 46 ++++++++++++++++++++++---------------
1 file changed, 28 insertions(+), 18 deletions(-)
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
Isn't something similar needed also for the apparmor driver?