From nobody Thu May 15 21:01:03 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1505922532678437.24818447120765;
 Wed, 20 Sep 2017 08:48:52 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
 [10.5.11.16])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 97338C074F11;
	Wed, 20 Sep 2017 15:48:51 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 77F1D17552;
	Wed, 20 Sep 2017 15:48:51 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 409C93FACE;
	Wed, 20 Sep 2017 15:48:51 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
	[10.5.11.11])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v8KExMp0027964 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 20 Sep 2017 10:59:22 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 242CF600C2; Wed, 20 Sep 2017 14:59:22 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx09.extmail.prod.ext.phx2.redhat.com
	[10.5.110.38])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 1E4E86017B
	for <libvir-list@redhat.com>; Wed, 20 Sep 2017 14:59:16 +0000 (UTC)
Received: from youngberry.canonical.com (youngberry.canonical.com
	[91.189.89.112]) (using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 03D1763E08
	for <libvir-list@redhat.com>; Wed, 20 Sep 2017 14:59:16 +0000 (UTC)
Received: from 167-139-067-156.ip-addr.inexio.net ([156.67.139.167]
	helo=lap.fritz.box) by youngberry.canonical.com with esmtpsa
	(TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76)
	(envelope-from <christian.ehrhardt@canonical.com>)
	id 1dugT4-0001Vi-Nm; Wed, 20 Sep 2017 14:59:14 +0000
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 97338C074F11
Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com;
 dmarc=fail (p=none dis=none) header.from=canonical.com
Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com;
 spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 97338C074F11
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 03D1763E08
Authentication-Results: ext-mx09.extmail.prod.ext.phx2.redhat.com;
	dmarc=fail (p=none dis=none) header.from=canonical.com
Authentication-Results: ext-mx09.extmail.prod.ext.phx2.redhat.com; spf=none
	smtp.mailfrom=christian.ehrhardt@canonical.com
DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 03D1763E08
From: Christian Ehrhardt <christian.ehrhardt@canonical.com>
To: Libvirt Devel <libvir-list@redhat.com>
Date: Wed, 20 Sep 2017 16:59:07 +0200
Message-Id: 
 <1505919549-19756-3-git-send-email-christian.ehrhardt@canonical.com>
In-Reply-To: 
 <1505919549-19756-1-git-send-email-christian.ehrhardt@canonical.com>
References: 
 <1505919549-19756-1-git-send-email-christian.ehrhardt@canonical.com>
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 205
	matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
	[10.5.110.38]); Wed, 20 Sep 2017 14:59:16 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
 [10.5.110.38]);
	Wed, 20 Sep 2017 14:59:16 +0000 (UTC) for IP:'91.189.89.112'
	DOMAIN:'youngberry.canonical.com' HELO:'youngberry.canonical.com'
	FROM:'christian.ehrhardt@canonical.com' RCPT:''
X-RedHat-Spam-Score: -2.321  (RCVD_IN_DNSWL_MED, RCVD_IN_MSPIKE_H3,
	RCVD_IN_MSPIKE_WL,
	RP_MATCHES_RCVD) 91.189.89.112 youngberry.canonical.com 91.189.89.112
	youngberry.canonical.com <christian.ehrhardt@canonical.com>
X-Scanned-By: MIMEDefang 2.78 on 10.5.110.38
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-loop: libvir-list@redhat.com
Cc: Jamie Strandboge <jamie.strandboge@canonical.com>,
	Guido Guenther <agx@sigxcpu.org>,
	Christian Ehrhardt <christian.ehrhardt@canonical.com>
Subject: [libvirt] [PATCH 2/4] virt-aa-helper: fix libusb access to udev usb
	data
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]);
 Wed, 20 Sep 2017 15:48:52 +0000 (UTC)
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

libusb as used by qemu needs to read data from /run/udev/data/ about usb
devices. That is read once on the first initialization of libusb_init by
qemu.

Therefore generating just the device we need would not be sufficient as
another hotplug later can need another device which would fail as the
data is no more re-read at this point.

But we can restrict the paths very much to just the major number of
potential usb devices which will make it match approximately the detail
that e.g. an lsusb -v would reveal - that is much safer than the
"/run/udev/data/* r" blanket many users are using now as a workaround.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
---
 examples/apparmor/libvirt-qemu | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
index dcfb1a5..b341e31 100644
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmor/libvirt-qemu
@@ -29,6 +29,9 @@
   # For hostdev access. The actual devices will be added dynamically
   /sys/bus/usb/devices/ r,
   /sys/devices/**/usb[0-9]*/** r,
+  # libusb needs udev data about usb devices (~equal to content of lsusb -=
v)
+  /run/udev/data/c16[6,7]* r,
+  /run/udev/data/c18[0,8,9]* r,
=20
   # WARNING: this gives the guest direct access to host hardware and speci=
fic
   # portions of shared memory. This is required for sound using ALSA with =
kvm,
--=20
2.7.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list