[libvirt] [PATCH] apparmor, libvirt-qemu: Allow QEMU to gather information about available host resources.

intrigeri posted 1 patch 6 years, 7 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20170808215726.10626-1-intrigeri+libvirt@boum.org
examples/apparmor/libvirt-qemu | 6 ++++++
1 file changed, 6 insertions(+)
[libvirt] [PATCH] apparmor, libvirt-qemu: Allow QEMU to gather information about available host resources.
Posted by intrigeri 6 years, 7 months ago
---
 examples/apparmor/libvirt-qemu | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
index f462d7428c..dcfb1a5985 100644
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmor/libvirt-qemu
@@ -169,3 +169,9 @@
   @{PROC}/device-tree/ r,
   @{PROC}/device-tree/** r,
   /sys/firmware/devicetree/** r,
+
+  # for gathering information about available host resources
+  /sys/devices/system/cpu/ r,
+  /sys/devices/system/node/ r,
+  /sys/devices/system/node/node[0-9]*/meminfo r,
+  /sys/module/vhost/parameters/max_mem_regions r,
-- 
2.14.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] apparmor, libvirt-qemu: Allow QEMU to gather information about available host resources.
Posted by Christian Ehrhardt 6 years, 7 months ago
We had the same rule for some time, it just is ordered later in our
submission stack and not yet pushed by me or Stefan for review.
But since we have the same rules for quite some time working fine I'm
clearly acking that.
Thanks intrigeri!

Acked-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>

On Tue, Aug 8, 2017 at 11:57 PM, intrigeri <intrigeri+libvirt@boum.org>
wrote:

> ---
>  examples/apparmor/libvirt-qemu | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-
> qemu
> index f462d7428c..dcfb1a5985 100644
> --- a/examples/apparmor/libvirt-qemu
> +++ b/examples/apparmor/libvirt-qemu
> @@ -169,3 +169,9 @@
>    @{PROC}/device-tree/ r,
>    @{PROC}/device-tree/** r,
>    /sys/firmware/devicetree/** r,
> +
> +  # for gathering information about available host resources
> +  /sys/devices/system/cpu/ r,
> +  /sys/devices/system/node/ r,
> +  /sys/devices/system/node/node[0-9]*/meminfo r,
> +  /sys/module/vhost/parameters/max_mem_regions r,
> --
> 2.14.0
>
> --
> libvir-list mailing list
> libvir-list@redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
>



-- 
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] apparmor, libvirt-qemu: Allow QEMU to gather information about available host resources.
Posted by Guido Günther 6 years, 7 months ago
Hi,
On Tue, Aug 08, 2017 at 09:57:26PM +0000, intrigeri wrote:
> ---
>  examples/apparmor/libvirt-qemu | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
> index f462d7428c..dcfb1a5985 100644
> --- a/examples/apparmor/libvirt-qemu
> +++ b/examples/apparmor/libvirt-qemu
> @@ -169,3 +169,9 @@
>    @{PROC}/device-tree/ r,
>    @{PROC}/device-tree/** r,
>    /sys/firmware/devicetree/** r,
> +
> +  # for gathering information about available host resources
> +  /sys/devices/system/cpu/ r,
> +  /sys/devices/system/node/ r,
> +  /sys/devices/system/node/node[0-9]*/meminfo r,
> +  /sys/module/vhost/parameters/max_mem_regions r,
> -- 

Pushed. Thanks. I'm still not used to adding the acked-by header. Will
do better next time.

Cheers,
 -- Guido

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list