
28 Jul 2022, 2:46 p.m.
On Wed, Jul 27, 2022 at 12:35:00 +0200, Michal Privoznik wrote:
As advertised in previous commits, QEMU needs to access /dev/sgx_vepc and /dev/sgx_provision files when SGX memory backend is configured. And if it weren't for QEMU's namespaces, we wouldn't dare to relabel them, because they are system wide files. But if namespaces are used, then we can set label on domain's private copies, just like we do for /dev/sev.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/security/security_dac.c | 46 ++++++++++++++++++++++---------------
 1 file changed, 28 insertions(+), 18 deletions(-)
Reviewed-by: Peter Krempa <pkrempa@redhat.com>

Isn't something similar needed also for the apparmor driver?