[libvirt] [PATCH] qemu: only request sound cgroup ACL when required

Daniel P. Berrange berrange at redhat.com
Mon Feb 28 10:19:39 UTC 2011


On Fri, Feb 25, 2011 at 12:03:52PM -0700, Eric Blake wrote:
> When a SPICE or VNC graphics controller is present, and sound is
> piggybacked over a channel to the graphics device rather than
> directly accessing host hardware, then there is no need to grant
> host hardware access to that qemu process.
> 
> * src/qemu/qemu_cgroup.c (qemuSetupCgroup): Prevent sound with
> spice, and with vnc when vnc_allow_host_audio is 0.
> Reported by Daniel Berrange.
> ---
> 
> Daniel noticed this while reviewing the audit code - the audit
> proved that we were allowing more resources than necessary.
> 
>  src/qemu/qemu_cgroup.c |    6 +++++-
>  1 files changed, 5 insertions(+), 1 deletions(-)
> 
> diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
> index b39b5e1..e71d3fa 100644
> --- a/src/qemu/qemu_cgroup.c
> +++ b/src/qemu/qemu_cgroup.c
> @@ -241,7 +241,11 @@ int qemuSetupCgroup(struct qemud_driver *driver,
>              goto cleanup;
>          }
> 
> -        if (vm->def->nsounds) {
> +        if (vm->def->nsounds &&
> +            (!vm->def->ngraphics ||
> +             ((vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
> +               driver->vncAllowHostAudio) ||
> +              (vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL)))) {
>              rc = virCgroupAllowDeviceMajor(cgroup, 'c', DEVICE_SND_MAJOR);
>              qemuDomainCgroupAudit(vm, cgroup, "allow", "major", "sound",
>                                    rc == 0);
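
Review bot: The new condition inspects only vm->def->graphics[0], so when ngraphics is greater than 1 the result depends on which device is listed first. For example, a domain with a SPICE device first and an SDL device second would not get DEVICE_SND_MAJOR, even though SDL is one of the types this condition allows. Consider iterating over all ngraphics entries and granting the ACL if any entry is SDL, or is VNC with driver->vncAllowHostAudio set. A short comment above the condition would also help, stating that SPICE and any other graphics type intentionally receive no sound ACL, since that reasoning currently lives only in the commit message.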

ACK

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|



