virt-aa-helper: allow sysfs path used for vhost-scsi

When a vhost scsi device is hotplugged virt-aa-helper is called to
add the respective path.
For example the config:
  <hostdev mode='subsystem' type='scsi_host' managed='no'>
    <source protocol='vhost' wwpn='naa.50014059de6fba4f'/>
  </hostdev>
Will call it to add:
 /sys/kernel/config/target/vhost//naa.50014059de6fba4f

But in general /sys paths are filtered in virt-aa-helper.c:valid_path
To allow the path used for vhost-scsi we need to add it to the list of
known and accepted overrides.

Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1829223
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index d0fe86cefccd8f5dc2ca7d7bb53ed9a0b13cb8bc..ad9a7dda94df43ff470fd8400ee2ae173b2c8173 100644 (file)
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -510,8 +510,9 @@ valid_path(const char *path, const bool readonly)
     };
     /* override the above with these */
     const char * const override[] = {
-        "/sys/devices/pci",              /* for hostdev pci devices */
-        "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */
+        "/sys/devices/pci",                /* for hostdev pci devices */
+        "/sys/kernel/config/target/vhost", /* for hostdev vhost_scsi devices */
+        "/etc/libvirt-sandbox/services/"   /* for virt-sandbox service config */
     };
 
     const int nropaths = ARRAY_CARDINALITY(restricted);