On Mon, Jul 17, 2017 at 12:42:12PM -0400, Cole Robinson wrote: > On 07/17/2017 12:35 PM, Daniel P. Berrange wrote: > > On Mon, Jul 17, 2017 at 12:31:50PM -0400, Cole Robinson wrote: > >> For a logged in user this a path like /dev/dri/renderD128 will have > >> default ownership root:video which won't work for the qemu:qemu user, > >> so we need to chown it. > >> > >> Thankfully with the namespace work we don't need to worry about this > >> shutting out other legitimate users > > > > We support turning off namespaces, in which case this will harm other > > users. So at very least we need to make this conditional on namespaces > > being enabled. > > > > I can look into that, but then again it's basically the way the DAC driver > already works for potentially more invasive scenarios like /dev/sd*, > /dev/cdrom, USB devices etc etc My concern is that changing this will break apps in the active desktop session that are currently using the graphics card too. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
