Allow access to /dev/dri/render* devices for domains using <graphics type="spice"> with <gl enable="yes"/> https://bugzilla.redhat.com/show_bug.cgi?id=1337290 --- src/qemu/qemu_cgroup.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 1e04a68..5d810fa 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -567,6 +567,61 @@ qemuSetupFirmwareCgroup(virDomainObjPtr vm) static int +qemuSetupGraphicsCgroup(virDomainObjPtr vm) +{ + qemuDomainObjPrivatePtr priv = vm->privateData; + const char *dripath = "/dev/dri"; + char *devpath = NULL; + struct dirent *ent; + int ret = -1; + DIR *dir; + int rv, rc; + size_t i; + + for (i = 0; i < vm->def->ngraphics; i++) { + virDomainGraphicsDefPtr gfx = vm->def->graphics[i]; + if (gfx->type == VIR_DOMAIN_GRAPHICS_TYPE_SPICE && + gfx->data.spice.gl == VIR_TRISTATE_BOOL_YES) + break; + } + + if (i == vm->def->ngraphics) + return 0; + + if (!(dir = opendir(dripath))) { + virReportSystemError(errno, + _("Could not open directory '%s'"), + dripath); + return -1; + } + + while ((rv = virDirRead(dir, &ent, dripath)) > 0) { + if (STRPREFIX(ent->d_name, "render")) { + if (virAsprintf(&devpath, "%s/%s", dripath, ent->d_name) < 0) + goto cleanup; + + rc = virCgroupAllowDevicePath(priv->cgroup, devpath, + VIR_CGROUP_DEVICE_RW, false); + virDomainAuditCgroupPath(vm, priv->cgroup, "allow", devpath, + "rw", rc == 0); + if (rc < 0) + goto cleanup; + VIR_FREE(devpath); + } + } + + if (rv < 0) + goto cleanup; + + ret = 0; + cleanup: + VIR_FREE(devpath); + closedir(dir); + return ret; +} + + +static int qemuSetupDevicesCgroup(virQEMUDriverPtr driver, virDomainObjPtr vm) { @@ -626,6 +681,9 @@ qemuSetupDevicesCgroup(virQEMUDriverPtr driver, goto cleanup; } + if (qemuSetupGraphicsCgroup(vm) < 0) + goto cleanup; + for (i = 0; deviceACL[i] != NULL; i++) { if (!virFileExists(deviceACL[i])) { VIR_DEBUG("Ignoring non-existent device %s", deviceACL[i]); -- 2.7.3 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list