As discussed here [1], it's unsafe to allow /dev/vfio/vfio to all the
domains (even those not doing PCI assignment). The same goes for
/dev/dri/*.

1: https://www.redhat.com/archives/libvir-list/2017-February/msg00267.html

Michal Privoznik (7):
  qemu_cgroup: Kill qemuSetupHostUSBDeviceCgroup
  qemu_cgroup: Kill qemuSetupHostSCSIDeviceCgroup
  qemu_cgroup: Kill qemuSetupHostSCSIVHostDeviceCgroup
  qemuSetupHostdevCgroup: Use qemuDomainGetHostdevPath
  qemuDomainGetHostdevPath: Create /dev/vfio/vfio iff needed
  qemuDomainGetHostdevPath: Report /dev/vfio/vfio less frequently
  qemu: Allow /dev/dri/render* for virgl domains

 src/qemu/qemu.conf                 |   2 +-
 src/qemu/qemu_cgroup.c             | 311 +++++++++++-------------------------
 src/qemu/qemu_domain.c             | 207 ++++++++++++++++++++----
 src/qemu/qemu_domain.h             |   7 +
 src/qemu/test_libvirtd_qemu.aug.in |   1 -
 5 files changed, 274 insertions(+), 254 deletions(-)

--
2.11.0