[libvirt] [PATCH 4/4] qemu: add VFIO devices to cgroup ACL
Laine Stump
laine at laine.org
Fri Apr 26 01:44:33 UTC 2013
We don't know exactly the names of the VFIO devices that will be
needed (and due to hotplug, we can't ever assume we won't need them at
all), so we just add an ACL to allow any vfio device - they all have
the major number 244 (/dev/vfio/vfio is 244,0, and the /dev/vfio/n
devices are up from there).
---
src/qemu/qemu_cgroup.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 891984a..ad2027d 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -44,6 +44,7 @@ static const char *const defaultDeviceACL[] = {
};
#define DEVICE_PTY_MAJOR 136
#define DEVICE_SND_MAJOR 116
+#define DEVICE_VFIO_MAJOR 244
static int
qemuSetupDiskPathAllow(virDomainDiskDefPtr disk,
@@ -388,6 +389,16 @@ int qemuSetupCgroup(virQEMUDriverPtr driver,
}
}
+ rc = virCgroupAllowDeviceMajor(priv->cgroup, 'c', DEVICE_VFIO_MAJOR,
+ VIR_CGROUP_DEVICE_RW);
+ virDomainAuditCgroupMajor(vm, priv->cgroup, "allow", DEVICE_VFIO_MAJOR,
+ "vfio", "rw", rc == 0);
+ if (rc != 0) {
+ virReportSystemError(-rc, "%s",
+ _("unable to allow /dev/vfio/ devices"));
+ goto cleanup;
+ }
+
for (i = 0; deviceACL[i] != NULL ; i++) {
if (access(deviceACL[i], F_OK) < 0) {
VIR_DEBUG("Ignoring non-existant device %s",
--
1.7.11.7
More information about the libvir-list
mailing list