[libvirt] [PATCH] virt-aa-helper: allow sysfs path used for vhost-scsi

Christian Ehrhardt posted 1 patch 1 week ago
Test syntax-check passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20190515141134.19052-1-christian.ehrhardt@canonical.com
src/security/virt-aa-helper.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

[libvirt] [PATCH] virt-aa-helper: allow sysfs path used for vhost-scsi

Posted by Christian Ehrhardt 1 week ago
When a vhost scsi device is hotplugged virt-aa-helper is called to
add the respective path.
For example the config:
  <hostdev mode='subsystem' type='scsi_host' managed='no'>
    <source protocol='vhost' wwpn='naa.50014059de6fba4f'/>
  </hostdev>
Will call it to add:
 /sys/kernel/config/target/vhost//naa.50014059de6fba4f

But in general /sys paths are filtered in virt-aa-helper.c:valid_path
To allow the path used for vhost-scsi we need to add it to the list of
known and accepted overrides.

Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1829223

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
---
 src/security/virt-aa-helper.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index d0fe86cefc..ad9a7dda94 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -510,8 +510,9 @@ valid_path(const char *path, const bool readonly)
     };
     /* override the above with these */
     const char * const override[] = {
-        "/sys/devices/pci",              /* for hostdev pci devices */
-        "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */
+        "/sys/devices/pci",                /* for hostdev pci devices */
+        "/sys/kernel/config/target/vhost", /* for hostdev vhost_scsi devices */
+        "/etc/libvirt-sandbox/services/"   /* for virt-sandbox service config */
     };
 
     const int nropaths = ARRAY_CARDINALITY(restricted);
-- 
2.21.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] virt-aa-helper: allow sysfs path used for vhost-scsi

Posted by Daniel P. Berrangé 1 week ago
On Wed, May 15, 2019 at 04:11:34PM +0200, Christian Ehrhardt wrote:
> When a vhost scsi device is hotplugged virt-aa-helper is called to
> add the respective path.
> For example the config:
>   <hostdev mode='subsystem' type='scsi_host' managed='no'>
>     <source protocol='vhost' wwpn='naa.50014059de6fba4f'/>
>   </hostdev>
> Will call it to add:
>  /sys/kernel/config/target/vhost//naa.50014059de6fba4f
> 
> But in general /sys paths are filtered in virt-aa-helper.c:valid_path
> To allow the path used for vhost-scsi we need to add it to the list of
> known and accepted overrides.
> 
> Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1829223
> 
> Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
> ---
>  src/security/virt-aa-helper.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
> index d0fe86cefc..ad9a7dda94 100644
> --- a/src/security/virt-aa-helper.c
> +++ b/src/security/virt-aa-helper.c
> @@ -510,8 +510,9 @@ valid_path(const char *path, const bool readonly)
>      };
>      /* override the above with these */
>      const char * const override[] = {
> -        "/sys/devices/pci",              /* for hostdev pci devices */
> -        "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */
> +        "/sys/devices/pci",                /* for hostdev pci devices */
> +        "/sys/kernel/config/target/vhost", /* for hostdev vhost_scsi devices */
> +        "/etc/libvirt-sandbox/services/"   /* for virt-sandbox service config */

FYI for a future patch you can purge this directory as I killed the libvirt
sandbox services concept, as it is a failed experiment.

For this specific patch though

  Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] virt-aa-helper: allow sysfs path used for vhost-scsi

Posted by Christian Ehrhardt 1 week ago
On Wed, May 15, 2019 at 4:14 PM Daniel P. Berrangé <berrange@redhat.com> wrote:
>
> On Wed, May 15, 2019 at 04:11:34PM +0200, Christian Ehrhardt wrote:
> > When a vhost scsi device is hotplugged virt-aa-helper is called to
> > add the respective path.
> > For example the config:
> >   <hostdev mode='subsystem' type='scsi_host' managed='no'>
> >     <source protocol='vhost' wwpn='naa.50014059de6fba4f'/>
> >   </hostdev>
> > Will call it to add:
> >  /sys/kernel/config/target/vhost//naa.50014059de6fba4f
> >
> > But in general /sys paths are filtered in virt-aa-helper.c:valid_path
> > To allow the path used for vhost-scsi we need to add it to the list of
> > known and accepted overrides.
> >
> > Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1829223
> >
> > Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
> > ---
> >  src/security/virt-aa-helper.c | 5 +++--
> >  1 file changed, 3 insertions(+), 2 deletions(-)
> >
> > diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
> > index d0fe86cefc..ad9a7dda94 100644
> > --- a/src/security/virt-aa-helper.c
> > +++ b/src/security/virt-aa-helper.c
> > @@ -510,8 +510,9 @@ valid_path(const char *path, const bool readonly)
> >      };
> >      /* override the above with these */
> >      const char * const override[] = {
> > -        "/sys/devices/pci",              /* for hostdev pci devices */
> > -        "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */
> > +        "/sys/devices/pci",                /* for hostdev pci devices */
> > +        "/sys/kernel/config/target/vhost", /* for hostdev vhost_scsi devices */
> > +        "/etc/libvirt-sandbox/services/"   /* for virt-sandbox service config */
>
> FYI for a future patch you can purge this directory as I killed the libvirt
> sandbox services concept, as it is a failed experiment.

I'll submit a cleanup later on as otherwise I'll forget for sure :-)

> For this specific patch though
>
>   Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

Thanks for the review, I now pushed it with that added.

>
> Regards,
> Daniel
> --
> |: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org         -o-            https://fstop138.berrange.com :|
> |: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|



-- 
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list