On 07/17/2017 12:35 PM, Daniel P. Berrange wrote: > On Mon, Jul 17, 2017 at 12:31:50PM -0400, Cole Robinson wrote: >> For a logged in user this a path like /dev/dri/renderD128 will have >> default ownership root:video which won't work for the qemu:qemu user, >> so we need to chown it. >> >> Thankfully with the namespace work we don't need to worry about this >> shutting out other legitimate users > > We support turning off namespaces, in which case this will harm other > users. So at very least we need to make this conditional on namespaces > being enabled. > I can look into that, but then again it's basically the way the DAC driver already works for potentially more invasive scenarios like /dev/sd*, /dev/cdrom, USB devices etc etc - Cole -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
