On Fri, 11.11.16 14:15, Michal Sekletar (msekleta@xxxxxxxxxx) wrote: > On Mon, Nov 7, 2016 at 1:20 PM, Daniel P. Berrange <berrange@xxxxxxxxxx> wrote: > > > So if libvirt creates a private mount namespace for each QEMU and mounts > > a custom /dev there, this is invisible to udev, and thus udev won't/can't > > mess with permissions we set in our private /dev. > > > > For hotplug, the libvirt QEMU would do the same as the libvirt LXC driver > > currently does. It would fork and setns() into the QEMU mount namespace > > and run mknod()+chmod() there, before doing the rest of its normal hotplug > > logic. See lxcDomainAttachDeviceMknodHelper() for what LXC does. > > We try to migrate people away from using mknod and messing with /dev/ > from user-space. For example, we had to deal with non-trivial problems > wrt. mknod and Veritas storage stack in the past (most of these issues > remain unsolved to date). I don't like to hear that you plan to get > into /dev management business in libvirt too. I am judging based on > past experiences, nevertheless, I don't like this plan. Well, I'd say: if people create their own /dev, they are welcome to do in it whatever they want. They should just stay away from the host's /dev however, and not interfere with udev's own managing of that. Lennart -- Lennart Poettering, Red Hat -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list