On Fri, 23 Sep 2022 10:29:41 -0300 Jason Gunthorpe <jgg@xxxxxxxxxx> wrote: > On Fri, Sep 23, 2022 at 09:54:48AM +0100, Daniel P. Berrangé wrote: > > > Yes, we use cgroups extensively already. > > Ok, I will try to see about this > > Can you also tell me if the selinux/seccomp will prevent qemu from > opening more than one /dev/vfio/vfio ? I suppose the answer is no? QEMU manages the container:group association with legacy vfio, so it can't be restricted from creating multiple containers. Thanks, Alex
