On Thu, Oct 25, 2018 at 01:47:26PM +0200, Bjoern Walk wrote: > Daniel P. Berrangé <berrange@xxxxxxxxxx> [2018-10-24, 10:43PM +0100]: > > We could optimize this by jcalling virFileAccessibleAs > > once and storing the result in a global. Then just do a > > plain stat() call in process to check the st_ctime field > > for changes. We only need re-run the heavy virFileAccessibleAs > > check if st_ctime has changed (indicating a owner/group/acl > > change). > > But can't access permission change outside of changing the actual device > file (e.g. cgroups or other OS capabilities)? Isn't that the whole > purpose of the virFileAccessibleAs gymnastics? Yes, cgroups could restrict access to /dev/kvm, but virFileAccessibleAs does not use cgroups, it only cares about using the correct user + group membership. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
