Re: [PATCHv3 3/2] qemu: don't request cgroup ACL access for /dev/net/tun

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 03/10/2011 09:27 AM, Laine Stump wrote:
> On 03/09/2011 05:12 PM, Eric Blake wrote:
>> Since libvirt always passes /dev/net/tun to qemu via fd, we should
>> never trigger the cases where qemu tries to directly open the
>> device.  Therefore, it is safer to deny the cgroup device ACL.
>>
>> * src/qemu/qemu_cgroup.c (defaultDeviceACL): Remove /dev/net/tun.
>> * src/qemu/qemu.conf (cgroup_device_acl): Reflect this change.

>> -    "/dev/rtc", "/dev/hpet", "/dev/net/tun",
>> +    "/dev/rtc", "/dev/hpet",
>>       NULL,
>>   };
>>   #define DEVICE_PTY_MAJOR 136
> 
> ACK.

Thanks; pushed (actually, I pushed this prior to 2/2).

-- 
Eric Blake   eblake@xxxxxxxxxx    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]