Re: [libvirt PATCH] virt-host-validate: fix detection with cgroups v2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/18/20 1:48 PM, Pavel Hrdina wrote:
Using virtCgroupNewSelf() is not correct with cgroups v2 because the
the virt-host-validate process is executed from from the same cgroup
context as the terminal and usually not all controllers are enabled
by default.

To do a proper check we need to use the root cgroup to see what
controllers are actually available. Libvirt or systemd ensures that
all controllers are available for VMs as well.

This still doesn't solve the devices controller with cgroups v2 where
there is no controller as it was replaced by eBPF. Currently libvirt
tries to query eBPF programs which usually works only for root as
regular users will get permission denied for that operation.

Fixes: https://gitlab.com/libvirt/libvirt/-/issues/94

Signed-off-by: Pavel Hrdina <phrdina@xxxxxxxxxx>
---
  src/libvirt_private.syms          | 1 +
  src/util/vircgroup.h              | 4 ++++
  src/util/vircgrouppriv.h          | 4 ----
  tools/virt-host-validate-common.c | 2 +-
  4 files changed, 6 insertions(+), 5 deletions(-)

Reviewed-by: Michal Privoznik <mprivozn@xxxxxxxxxx>

Michal




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux