Re: [PATCH] qemu_namespace: Be tolerant to non-existent files when populating /dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Sep 03, 2020 at 06:22:00PM +0200, Michal Privoznik wrote:
> In 6.7.0 release I've changed how domain namespace is built and
> populated. Previously it used to be done from a pre-exec hook
> (ran in the forked off child, just before dropping all privileges
> and exec()-ing QEMU), which not only meant we had to have two
> different code paths for creating a node in domain's namespace
> (one for this pre-exec hook, the other for hotplug ran from the
> daemon), it also proved problematic because it was leaking FDs
> into QEMU process. To mitigate this problem, we've not only
> ditched libdevmapper from the NS population process, I've also
> dropped the pre-exec code and let the NS be populated from the
> daemon (using the hotplug code). But, I was not careful when
> doing so, because the pre-exec code was tolerant to files that
> doesn't exist, while this new code isn't. For instance, the very
> first thing that is done when the new NS is created is it's
> populated with @defaultDeviceACL which contain files like
> /dev/null, /dev/zero, /dev/random and /dev/kvm (and others).
> While the rest will probably exist every time, /dev/kvm might not
> and thus the new code I wrote has to be tolerant to that.
> 
> Of course, users can override the @defaultDeviceACL (by setting
> cgroup_device_acl in qemu.conf) and remove /dev/kvm (which is
> acceptable workaround), but we definitely want libvirt to work
> out of the box even on hosts without KVM.
> 
> Fixes: 9048dc4e627ddf33996084167bece7b5fb83b0bc
> Reported-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
> Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
> ---
>  src/qemu/qemu_namespace.c | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)

Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux