[PATCH 4/4] qemu: add VFIO devices to cgroup ACL

We don't know exactly the names of the VFIO devices that will be
needed (and due to hotplug, we can't ever assume we won't need them at
all), so we just add an ACL to allow any vfio device - they all have
the major number 244 (/dev/vfio/vfio is 244,0, and the /dev/vfio/n
devices are up from there).
---
 src/qemu/qemu_cgroup.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 891984a..ad2027d 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -44,6 +44,7 @@ static const char *const defaultDeviceACL[] = {
 };
 #define DEVICE_PTY_MAJOR 136
 #define DEVICE_SND_MAJOR 116
+#define DEVICE_VFIO_MAJOR 244
 
 static int
 qemuSetupDiskPathAllow(virDomainDiskDefPtr disk,
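Review bot: DEVICE_VFIO_MAJOR is hard-coded to 244 with no comment saying where the number comes from or whether it is a fixed assignment. The commit message asserts that every vfio device has major 244, but if the kernel allocates that major dynamically, another driver could hold 244 on a given host and this define would then open that driver's nodes to the guest's cgroup instead. Please either add a comment citing the source of the fixed assignment, or resolve the major at runtime (for example by stat()ing /dev/vfio/vfio) rather than defining it as a constant.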
@@ -388,6 +389,16 @@ int qemuSetupCgroup(virQEMUDriverPtr driver,
             }
         }
 
+        rc = virCgroupAllowDeviceMajor(priv->cgroup, 'c', DEVICE_VFIO_MAJOR,
+                                       VIR_CGROUP_DEVICE_RW);
+        virDomainAuditCgroupMajor(vm, priv->cgroup, "allow", DEVICE_VFIO_MAJOR,
+                                  "vfio", "rw", rc == 0);
+        if (rc != 0) {
+            virReportSystemError(-rc, "%s",
+                                 _("unable to allow /dev/vfio/ devices"));
+            goto cleanup;
+        }
+
         for (i = 0; deviceACL[i] != NULL ; i++) {
             if (access(deviceACL[i], F_OK) < 0) {
                 VIR_DEBUG("Ignoring non-existant device %s",
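Review bot: the virCgroupAllowDeviceMajor() call added before the deviceACL loop grants VIR_CGROUP_DEVICE_RW on every minor of the VFIO major, and nothing in the visible lines makes it conditional on the domain having a VFIO hostdev. As written, any domain that reaches this block gets rw access to all /dev/vfio/ nodes, including groups assigned to other guests, so the device cgroup no longer separates guests for VFIO. The commit message gives hotplug as the reason; the narrower alternative would be to allow only the specific /dev/vfio/N node for each assigned device here, add the matching ACL entry in the hotplug path, and drop it again on unplug. If the blanket rule stays, a comment next to the call should state that it is deliberate and what else (file permissions, SELinux labels) is expected to restrict access to the individual group nodes.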
-- 
1.7.11.7

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



