On Fri, Sep 23, 2022 at 08:03:07AM -0600, Alex Williamson wrote:
> On Fri, 23 Sep 2022 10:29:41 -0300
> Jason Gunthorpe <jgg@xxxxxxxxxx> wrote:
>
> > On Fri, Sep 23, 2022 at 09:54:48AM +0100, Daniel P. Berrangé wrote:
> >
> > > Yes, we use cgroups extensively already.
> >
> > Ok, I will try to see about this
> >
> > Can you also tell me if the selinux/seccomp will prevent qemu from
> > opening more than one /dev/vfio/vfio ? I suppose the answer is no?
>
> QEMU manages the container:group association with legacy vfio, so it
> can't be restricted from creating multiple containers. Thanks,

.. and it absolutely will create multiple containers (i.e. open
/dev/vfio/vfio multiple times) if there are multiple guest-side vIOMMU
domains.

It can, however, open each /dev/vfio/NN group file only once each,
since they are exclusive access.

-- 
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson