Re: [PATCH v1 05/21] virfile: Introduce ACL helpers

On Thu, Nov 24, 2016 at 03:47:54PM +0100, Michal Privoznik wrote:
> Namely, virFileGetACLs, virFileSetACLs, virFileFreeACLs and
> virFileCopyACLs. These functions are going to be required when we
> are creating /dev for qemu. We have to copy anything that's in
> host's /dev exactly as is. Including ACLs.

Do we really ?

IIUC, udev uses ACLs on /dev in order to grant end users in the desktop
session permission on certain device nodes, without chowning the whole
device.

The device nodes in our private /dev only need to be accessible to the
QEMU process we're about to run.

So neither existing ownership, group, permissions, nor ACLs matter at
all. Our security driver code will chown/grp the device to grant
QEMU access and that's all that's needed AFAICT.

What am I missing that requires us to preserve ACLs ?

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|
