On 3/17/21 5:45 AM, Melissa Nuño wrote:
Hi all,
I'm creating a device during the prepare hook, and would like to add it
to the device.allow file for the VM. The cgroup doesn't exist during the
prepare hook or the start hook and will fail with an "Operation not
permitted" error. I can add the expected path to qemu.conf and restart
libvirtd, but this isn't very flexible since I'd have to do it for each
device for each VM I create. All of the other libvirt cgroups seem to
allow all devices, so I'm not seeing where the VM cgroup is getting its
initial list.
Is there a way to access the cgroup for a VM before it has started? I
can't even predict where it should be since it contains the domain ID.
We've already sorted this out through IRC, but for future reference, the
device in question was /dev/input device that was passed through via
qemu:arg.
Anything that's under qemu:arg is opaque to libvirt, it's not inspected
by libvirt in any way and thus if it happens to be a device that needs
to be allowed in CGroups, well bad luck. What should be used is proper
XML representation. If there is none, please do open an RFE as
documented in command line passhtrough:
https://libvirt.org/drvqemu.html#qemucommand
In this specific case, the following XML can be used:
<input type='passthrough' bus='virtio'>
<source evdev='/dev/input/XXX'/>
</input>
However, what might be missing is that currently libvirt does not
support 'grab_all=on,repeat=on'. But we should file an RFE for that.
Michal
