When a vhost scsi device is hotplugged virt-aa-helper is called to
add the respective path.
For example the config:
<hostdev mode='subsystem' type='scsi_host' managed='no'>
<source protocol='vhost' wwpn='naa.50014059de6fba4f'/>
</hostdev>
Will call it to add:
/sys/kernel/config/target/vhost//naa.50014059de6fba4f
But in general /sys paths are filtered in virt-aa-helper.c:valid_path
To allow the path used for vhost-scsi we need to add it to the list of
known and accepted overrides.
Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1829223
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
---
src/security/virt-aa-helper.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index d0fe86cefc..ad9a7dda94 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -510,8 +510,9 @@ valid_path(const char *path, const bool readonly)
};
/* override the above with these */
const char * const override[] = {
- "/sys/devices/pci", /* for hostdev pci devices */
- "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */
+ "/sys/devices/pci", /* for hostdev pci devices */
+ "/sys/kernel/config/target/vhost", /* for hostdev vhost_scsi devices */
+ "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */
};
const int nropaths = ARRAY_CARDINALITY(restricted);
--
2.21.0
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
On Wed, May 15, 2019 at 04:11:34PM +0200, Christian Ehrhardt wrote: > When a vhost scsi device is hotplugged virt-aa-helper is called to > add the respective path. > For example the config: > <hostdev mode='subsystem' type='scsi_host' managed='no'> > <source protocol='vhost' wwpn='naa.50014059de6fba4f'/> > </hostdev> > Will call it to add: > /sys/kernel/config/target/vhost//naa.50014059de6fba4f > > But in general /sys paths are filtered in virt-aa-helper.c:valid_path > To allow the path used for vhost-scsi we need to add it to the list of > known and accepted overrides. > > Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1829223 > > Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> > --- > src/security/virt-aa-helper.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c > index d0fe86cefc..ad9a7dda94 100644 > --- a/src/security/virt-aa-helper.c > +++ b/src/security/virt-aa-helper.c > @@ -510,8 +510,9 @@ valid_path(const char *path, const bool readonly) > }; > /* override the above with these */ > const char * const override[] = { > - "/sys/devices/pci", /* for hostdev pci devices */ > - "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */ > + "/sys/devices/pci", /* for hostdev pci devices */ > + "/sys/kernel/config/target/vhost", /* for hostdev vhost_scsi devices */ > + "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */ FYI for a future patch you can purge this directory as I killed the libvirt sandbox services concept, as it is a failed experiment. For this specific patch though Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
On Wed, May 15, 2019 at 4:14 PM Daniel P. Berrangé <berrange@redhat.com> wrote: > > On Wed, May 15, 2019 at 04:11:34PM +0200, Christian Ehrhardt wrote: > > When a vhost scsi device is hotplugged virt-aa-helper is called to > > add the respective path. > > For example the config: > > <hostdev mode='subsystem' type='scsi_host' managed='no'> > > <source protocol='vhost' wwpn='naa.50014059de6fba4f'/> > > </hostdev> > > Will call it to add: > > /sys/kernel/config/target/vhost//naa.50014059de6fba4f > > > > But in general /sys paths are filtered in virt-aa-helper.c:valid_path > > To allow the path used for vhost-scsi we need to add it to the list of > > known and accepted overrides. > > > > Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1829223 > > > > Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> > > --- > > src/security/virt-aa-helper.c | 5 +++-- > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c > > index d0fe86cefc..ad9a7dda94 100644 > > --- a/src/security/virt-aa-helper.c > > +++ b/src/security/virt-aa-helper.c > > @@ -510,8 +510,9 @@ valid_path(const char *path, const bool readonly) > > }; > > /* override the above with these */ > > const char * const override[] = { > > - "/sys/devices/pci", /* for hostdev pci devices */ > > - "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */ > > + "/sys/devices/pci", /* for hostdev pci devices */ > > + "/sys/kernel/config/target/vhost", /* for hostdev vhost_scsi devices */ > > + "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */ > > FYI for a future patch you can purge this directory as I killed the libvirt > sandbox services concept, as it is a failed experiment. I'll submit a cleanup later on as otherwise I'll forget for sure :-) > For this specific patch though > > Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Thanks for the review, I now pushed it with that added. > > Regards, > Daniel > -- > |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| > |: https://libvirt.org -o- https://fstop138.berrange.com :| > |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- Christian Ehrhardt Software Engineer, Ubuntu Server Canonical Ltd -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
© 2016 - 2024 Red Hat, Inc.