[RFC PATCH 2/2] virt-aa-helper: Allow SR-IOV VF PCI for hostdev networks

2025-05-06 Thread Tim Small via Devel
Add check for networks which were previously neglected (as opposed to explicit PCI hostdev devices), so that they can be granted the necessary permissions for PCI device access. The network type lookup in turn requires the helper to read libvirt.conf. Downstream bug https://bugs.debian.org/cgi-bin

[RFC PATCH 0/2] Fix forward type=hostdev nets for apparmor

2025-05-06 Thread Tim Small via Devel
I'm working on a fix for a bug whereby apparmor permissions aren't granted to allow a PCI SR-IOV virtual function to be used in a kvm guest when the VF is defined via a forward type='hostdev' network (as per the 'hostdev' option documented here: https://libvirt.org/formatnetwork.html#connectivity )

[RFC PATCH 1/2] virt-aa-helper: refactor for readability

2025-05-06 Thread Tim Small via Devel
Signed-off-by: Tim Small --- src/security/virt-aa-helper.c | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index e3802c18be..fa69245324 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-he

Re: [RFC PATCH 2/2] virt-aa-helper: Allow SR-IOV VF PCI for hostdev networks

2025-05-30 Thread Tim Small via Devel
On 07/05/2025 08:47, Peter Krempa wrote: On Tue, May 06, 2025 at 17:00:11 +0100, Tim Small via Devel wrote: Add check for networks which were previously neglected (as opposed to explicit PCI hostdev devices), so that they can be granted the necessary permissions for PCI device access. The

[PATCH v2 0/2] Fix forward type=hostdev nets for apparmor

2025-05-30 Thread Tim Small via Devel
Fixes a bug whereby apparmor permissions aren't granted to allow a PCI SR-IOV virtual function to be used in a kvm guest when the VF is defined via a forward type='hostdev' network (as per the 'hostdev' option documented here: https://libvirt.org/formatnetwork.html#connectivity ). Downstream bug h

[PATCH v2 2/2] virt-aa-helper: Allow SR-IOV VF PCI for hostdev networks

2025-05-30 Thread Tim Small via Devel
Add check for networks which were previously neglected (as opposed to explicit PCI hostdev devices), so that they can be granted the necessary permissions for PCI device access. The network type lookup in turn requires the helper to read libvirt.conf. See https://bugs.debian.org/cgi-bin/bugreport.

[PATCH v2 1/2] virt-aa-helper: refactor for readability

2025-05-30 Thread Tim Small via Devel
Signed-off-by: Tim Small --- src/security/virt-aa-helper.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index e3802c18be..6481e9cfd7 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-h

[PATCH v3 0/2] Fix forward type=hostdev nets for apparmor

2025-06-09 Thread Tim Small via Devel
Fixes a bug whereby apparmor permissions aren't granted to allow a PCI SR-IOV virtual function to be used in a kvm guest when the VF is defined via a forward type='hostdev' network (as per the 'hostdev' option documented here: https://libvirt.org/formatnetwork.html#connectivity ). Downstream bug h

[PATCH v3 2/2] virt-aa-helper: Allow SR-IOV VF PCI for hostdev networks

2025-06-09 Thread Tim Small via Devel
From: Tim Small Add check for networks which were previously neglected (as opposed to explicit PCI hostdev devices), so that they can be granted the necessary permissions for PCI device access. The network type lookup in turn requires the helper to read libvirt.conf. See https://bugs.debian.org/

[PATCH v3 1/2] virt-aa-helper: refactor for readability

2025-06-09 Thread Tim Small via Devel
From: Tim Small Signed-off-by: Tim Small --- Changes since earlier patch versions: Since V2: . Fix missing from line in patch body . Add this narrative Since V1: . Formatting - ref Peter Krempa's feedback src/security/virt-aa-helper.c | 8 1 file changed, 4 insertions(+), 4 deletio