Bug 624151 - pcidev missing files for security drivers
Status: CLOSED CURRENTRELEASE
Product: Virtualization Tools
Classification: Community
Component: libvirt
Version: unspecified
Hardware: All Linux
Priority: low, Severity: medium
Assigned To: Libvirt Maintainers
Reported: 2010-08-13 16:32 EDT by Jamie Strandboge
Modified: 2015-07-28 10:53 EDT
Doc Type: Bug Fix
Last Closed: 2015-07-28 10:53:21 EDT
Description Jamie Strandboge 2010-08-13 16:32:52 EDT
Someone reported a bug in Ubuntu on pcidev devices not being correctly added with the AppArmor driver and a patch was submitted:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/545795/comments/29

This patch is not tested but suggests that more than just the AppArmor driver is affected, so I am forwarding it here. That bug is kinda all over the place and has various things unrelated to this report.

Here is the comment and submitted patch:

"Patch to allow PCI pass through to work with app armor. It's currently missing a couple of files"

--- libvirt-0.7.5.orig/src/util/pci.c	2010-06-11 01:43:41 +0000
+++  libvirt-0.7.5/src/util/pci.c	2010-06-11 01:45:06 +0000
@@ -1089,6 +1089,8 @@
          */
         if (STREQ(ent->d_name, "config") ||
             STRPREFIX(ent->d_name, "resource") ||
+            STREQ(ent->d_name, "vendor") ||
+            STREQ(ent->d_name, "device") ||
             STREQ(ent->d_name, "rom")) {
             if (virAsprintf(&file, "%s/%s", pcidir, ent->d_name) < 0) {
                 virReportOOMError(conn);
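Review bot: The two added STREQ checks for "vendor" and "device" extend the file list built in shared code (src/util/pci.c), yet the hunk gives no reason why these entries are needed; the comment that closes just above the condition should name the new files and say what reads them. Matching them exactly with STREQ, rather than with STRPREFIX as is done for "resource", is the right call because it keeps the list from picking up any other entry whose name merely starts with "device" or "vendor". The `+++` header line carries a doubled space before the path, which is worth normalising before the patch is applied.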
Comment 1 Daniel Berrange 2010-08-14 16:19:06 EDT
This is rather odd. QEMU appears to use the vendor + device files, but AFAICK, under SELinux QEMU is working fine without this change. The patch certainly looks reasonable though.
Comment 2 Jamie Strandboge 2010-11-05 14:17:21 EDT
I'm just following up on this since we are pulling in 0.8.5 into Ubuntu and the above isn't committed yet. I can say that at this point Ubuntu is carrying it in its 10.10 release (libvirt 0.8.3) and there are no reported regressions.
Comment 3 Ján Tomko 2015-07-28 10:53:21 EDT
Identical patch was already pushed upstream:
commit 28d599c5130ee102d5174c01d59eeb14a75a3747
Author:     Cédric Bosdonnat <cbosdonnat@suse.com>
AuthorDate: 2015-04-23 09:32:16 +0200
Commit:     Cédric Bosdonnat <cbosdonnat@suse.com>
CommitDate: 2015-04-24 10:47:41 +0200

    Allow access to vendor and device file for PCI device passthrough
    
    For some devices, the $PCIDIR/vendor and $PCIDIR/device need to be
    read. Iterate over them to get them as well in the generated
    apparmor profile.

git describe: v1.2.14-282-g28d599c contains: v1.2.15-rc1~57
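
The file selection discussed in this bug, as an added example that is not libvirt's code: it applies the allow-list with and without the two new names to a constructed directory listing, so the entries a confined emulator would be denied before the fix are visible. The function names, the sample listing, the placeholder device address and the "rw" permission are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Allow-list from the patch above; 'patched' adds "vendor" and "device". */
static int pci_entry_selected(const char *name, int patched)
{
    if (strcmp(name, "config") == 0 || strcmp(name, "rom") == 0 ||
        strncmp(name, "resource", strlen("resource")) == 0)
        return 1;
    return patched &&
           (strcmp(name, "vendor") == 0 || strcmp(name, "device") == 0);
}

/* Write one AppArmor-style file rule per selected entry into 'out'; the
 * "rw" permission is assumed. Returns the rule count, or -1 if it won't fit. */
static int build_rules(const char *pcidir, const char *const *names,
                       size_t n, int patched, char *out, size_t cap)
{
    size_t used = 0;
    int count = 0;
    if (cap == 0) return -1;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        if (!pci_entry_selected(names[i], patched))
            continue;
        int w = snprintf(out + used, cap - used, "  \"%s/%s\" rw,\n",
                         pcidir, names[i]);
        if (w < 0 || (size_t)w >= cap - used) {
            out[0] = '\0';      /* never hand back a truncated rule set */
            return -1;
        }
        used += (size_t)w;
        count++;
    }
    return count;
}

/* Constructed sample: directory listing and placeholder device address. */
static const char *const SAMPLE[] = { "class", "config", "device",
    "resource", "resource0", "rom", "uevent", "vendor" };
#define SAMPLE_N (sizeof(SAMPLE) / sizeof(SAMPLE[0]))
#define SAMPLE_DIR "/sys/bus/pci/devices/0000:00:00.0"
int main(void)
{
    char buf[1024];
    printf("before: %d\n", build_rules(SAMPLE_DIR, SAMPLE, SAMPLE_N, 0, buf, sizeof buf));
    printf("after:  %d\n%s", build_rules(SAMPLE_DIR, SAMPLE, SAMPLE_N, 1, buf, sizeof buf), buf);
    return 0;
}
```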