Download raw body.
Allow cd(4)/vioscsi(4) in confidential VM mode
Hi,
allowing to mount CDs in confidential VMs does not seem too dangerous as
this is triggered by the admin.
This is useful for installation and sometimes for cloud configuration
data. Also allow vioscsi(4) so that cd(4) can attach somewhere. Also, some
VMs may use vioscsi(4) disks.
thoughts? ok?
Cheers,
Stefan
diff --git a/sys/dev/pv/vioscsi.c b/sys/dev/pv/vioscsi.c
index 02b95e823e2..7a7653cc4df 100644
--- a/sys/dev/pv/vioscsi.c
+++ b/sys/dev/pv/vioscsi.c
@@ -77,7 +77,7 @@ const struct cfattach vioscsi_ca = {
};
struct cfdriver vioscsi_cd = {
- NULL, "vioscsi", DV_DULL,
+ NULL, "vioscsi", DV_DULL, CD_COCOVM
};
const struct scsi_adapter vioscsi_switch = {
diff --git a/sys/scsi/cd.c b/sys/scsi/cd.c
index 7307f2d912c..9ae5c89e8f4 100644
--- a/sys/scsi/cd.c
+++ b/sys/scsi/cd.c
@@ -152,7 +152,7 @@ const struct cfattach cd_ca = {
};
struct cfdriver cd_cd = {
- NULL, "cd", DV_DISK
+ NULL, "cd", DV_DISK, CD_COCOVM
};
const struct scsi_inquiry_pattern cd_patterns[] = {
--
2.39.5
Allow cd(4)/vioscsi(4) in confidential VM mode