Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1628892.

The problem is that we didn't put the DRI device into the namespace for QEMU
to access, but that was only a part of the issue. The other part of the issue
is that QEMU doesn't support specifying 'rendernode' for egl-headless yet
(patches are already in upstream). Instead, QEMU's been autoselecting the DRI
device on its own. There's no compelling reason for libvirt not doing that
instead and thus prevent any permission-related issues.

Since v1:
- updated capabilities to 3.1.0-rc2 containing the necessary QEMU patches
- provided more test cases as requested
- added a new XML sub-element <gl> for egl-headless graphics type

Since v2:
- The cmdline code wouldn't play nicely with old QEMU where I'd pick a
  rendernode automatically and then fail if we didn't have the corresponding
  capability, so this was fixed for v3
- v2 converted some tests to CAPS_LATEST only which would also be wrong
  because QEMU can still pick a DRM node so that's a valid use case (not a
  practical one though)
- the 3.1.0 capabilities patch was merged separately

Erik Skultety (11):
  util: Introduce virHostGetDRMRenderNode helper
  conf: Introduce virDomainGraphics-related helpers
  qemu: process: spice: Pick the first available DRM render node
  qemu: command: Introduce qemuBuildGraphicsEGLHeadlessCommandLine helper
  qemu: caps: Introduce QEMU_EGL_HEADLESS_RENDERNODE capability
  conf: gfx: Add egl-headless as a member to virDomainGraphicsDef struct
  conf: gfx: egl-headless: Introduce a new <gl> subelement
  qemu: domain: egl-headless: Add the DRI device into the namespace
  qemu: cgroup: gfx: egl-headless: Add the DRI device into the cgroup list
  security: dac: gfx: egl-headless: Relabel the DRI device
  qemu: command: gfx: egl-headless: Add 'rendernode' option to the cmdline

 docs/formatdomain.html.in                     | 11 ++-
 docs/schemas/domaincommon.rng                 | 17 +++-
 src/conf/domain_conf.c                        | 84 +++++++++++++++++++
 src/conf/domain_conf.h                        | 12 +++
 src/libvirt_private.syms                      |  4 +
 src/qemu/qemu_capabilities.c                  |  2 +
 src/qemu/qemu_capabilities.h                  |  1 +
 src/qemu/qemu_cgroup.c                        | 10 +--
 src/qemu/qemu_command.c                       | 42 +++++++++-
 src/qemu/qemu_domain.c                        |  9 +-
 src/qemu/qemu_process.c                       | 32 ++++++-
 src/security/security_dac.c                   | 15 ++--
 src/util/virutil.c                            | 53 ++++++++++++
 src/util/virutil.h                            |  2 +
 .../caps_3.1.0.x86_64.xml                     |  1 +
 ...egl-headless-rendernode.x86_64-latest.args | 31 +++++++
 .../graphics-egl-headless-rendernode.xml      | 33 ++++++++
 .../graphics-egl-headless.x86_64-latest.args  | 31 +++++++
 .../graphics-spice-gl-no-rendernode.args      | 25 ++++++
 .../graphics-spice-gl-no-rendernode.xml       | 24 ++++++
 ...play-spice-egl-headless.x86_64-latest.args |  2 +-
 ...isplay-vnc-egl-headless.x86_64-latest.args |  2 +-
 tests/qemuxml2argvmock.c                      |  9 ++
 tests/qemuxml2argvtest.c                      |  2 +
 .../graphics-egl-headless-rendernode.xml      | 41 +++++++++
 tests/qemuxml2xmltest.c                       |  2 +
 26 files changed, 464 insertions(+), 33 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/graphics-egl-headless-rendernode.x86_64-latest.args
 create mode 100644 tests/qemuxml2argvdata/graphics-egl-headless-rendernode.xml
 create mode 100644 tests/qemuxml2argvdata/graphics-egl-headless.x86_64-latest.args
 create mode 100644 tests/qemuxml2argvdata/graphics-spice-gl-no-rendernode.args
 create mode 100644 tests/qemuxml2argvdata/graphics-spice-gl-no-rendernode.xml
 create mode 100644 tests/qemuxml2xmloutdata/graphics-egl-headless-rendernode.xml

--
2.19.1

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list