From: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Date: Wed, 15 May 2019 11:35:32 +0000 (+0200)
Subject: virt-aa-helper: allow sysfs path used for vhost-scsi
X-Git-Tag: v5.4.0-rc1~73
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0541b65464a2047fca6c0ab83e4d693ba0cc41a2;p=thirdparty%2Flibvirt.git

virt-aa-helper: allow sysfs path used for vhost-scsi

When a vhost scsi device is hotplugged virt-aa-helper is called to
add the respective path.
For example the config:
  <hostdev mode='subsystem' type='scsi_host' managed='no'>
    <source protocol='vhost' wwpn='naa.50014059de6fba4f'/>
  </hostdev>
Will call it to add:
 /sys/kernel/config/target/vhost//naa.50014059de6fba4f

But in general /sys paths are filtered in virt-aa-helper.c:valid_path
To allow the path used for vhost-scsi we need to add it to the list of
known and accepted overrides.

Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1829223

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
---

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index d0fe86cefc..ad9a7dda94 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -510,8 +510,9 @@ valid_path(const char *path, const bool readonly)
     };
     /* override the above with these */
     const char * const override[] = {
-        "/sys/devices/pci",              /* for hostdev pci devices */
-        "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */
+        "/sys/devices/pci",                /* for hostdev pci devices */
+        "/sys/kernel/config/target/vhost", /* for hostdev vhost_scsi devices */
+        "/etc/libvirt-sandbox/services/"   /* for virt-sandbox service config */
     };
 
     const int nropaths = ARRAY_CARDINALITY(restricted);