Hi,

Currently the hugepages support can automatically detect the hugepages
mount, but it doesn't update the security information. At least for
AppArmor we need to be able to add permission for the domain to access
the hugetlbfs mount path.

There are a few ways this could be done,

1. add a virSecuritySetSecurityHugepages or virSecuritySetSecurityHugepagesFD
hook which is called perhaps at qemudStartup

2. optionally add the qemu_driver->hugepage_path to the XML output, at
least for the internal format (which is passed to virt-aa-helper).  The
concern I have with this is that it brings up the issue of what to do
when defining a domain which has such an entry.

3. reproduce the logic in virt-aa-helper for detecting the hugepages
mount path.  Not preferred obviously.

My guess would be that (1) would be preferred, but I wanted to ask here
first and see if there are other suggestions.

thanks,
-serge

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
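
The gap described in this message, finding the hugetlbfs mount and granting a confined domain access to it, shown as an added example that is not part of the original message and is not libvirt or virt-aa-helper code. The function names, the `rw` mode, the `/**` rule form and the sample mount table are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

static const char SAMPLE_MOUNTS[] =  /* constructed /proc/mounts sample */
    "proc /proc proc rw,nosuid 0 0\n"
    "hugetlbfs /mnt/huge\\040pages hugetlbfs rw,relatime 0 0\n";

/* Decode the kernel's \ooo octal escapes (\040 is a space) in place. */
static void unescape_mount(char *s)
{
    char *out = s;
    for (; *s; out++) {
        int esc = s[0] == '\\' && s[1] >= '0' && s[1] <= '3' &&
                  s[2] >= '0' && s[2] <= '7' && s[3] >= '0' && s[3] <= '7';
        *out = esc ? (char)((s[1] - '0') * 64 + (s[2] - '0') * 8 + s[3] - '0') : *s;
        s += esc ? 4 : 1;
    }
    *out = '\0';
}

/* Copy the first hugetlbfs mount point into path; 0 on success, -1 if none. */
int find_hugetlbfs_mount(const char *mounts, char *path, size_t len)
{
    char line[512], dir[256], type[64];
    for (size_t n = 0; *mounts; mounts += n + (mounts[n] == '\n')) {
        n = strcspn(mounts, "\n");
        snprintf(line, sizeof(line), "%.*s", (int)n, mounts);
        if (sscanf(line, "%*s %255s %63s", dir, type) != 2 || strcmp(type, "hugetlbfs"))
            continue;
        unescape_mount(dir);
        return (size_t)snprintf(path, len, "%s", dir) < len ? 0 : -1;
    }
    return -1;
}

/* Quoted AppArmor file rule; rw is assumed. Rule metacharacters are refused. */
int hugepage_rule(const char *path, char *rule, size_t len)
{
    if (path[0] != '/' || path[1] == '\0' || strpbrk(path, "\"\\*?[]{}^\n"))
        return -1;
    return (size_t)snprintf(rule, len, "  \"%s/**\" rw,", path) < len ? 0 : -1;
}

int main(void)
{
    char path[256], rule[300];
    int ok = !find_hugetlbfs_mount(SAMPLE_MOUNTS, path, sizeof(path)) &&
             !hugepage_rule(path, rule, sizeof(rule));
    return ok ? puts(rule) < 0 : 1;
}
```

Refusing quotes, backslashes and glob characters keeps an unusual mount point from widening the generated rule beyond the hugetlbfs directory.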
