[libvirt] [PATCH 0/7] qemu: Be more cautious about allowed devices
Michal Privoznik
mprivozn at redhat.com
Fri Feb 10 14:56:48 UTC 2017
As discussed here [1], it's unsafe to allow /dev/vfio/vfio to all the domains
(even those not doing PCI assignemnt). The same goes for /dev/dri/*.
1: https://www.redhat.com/archives/libvir-list/2017-February/msg00267.html
Michal Privoznik (7):
qemu_cgroup: Kill qemuSetupHostUSBDeviceCgroup
qemu_cgroup: Kill qemuSetupHostSCSIDeviceCgroup
qemu_cgroup: Kill qemuSetupHostSCSIVHostDeviceCgroup
qemuSetupHostdevCgroup: Use qemuDomainGetHostdevPath
qemuDomainGetHostdevPath: Create /dev/vfio/vfio iff needed
qemuDomainGetHostdevPath: Report /dev/vfio/vfio less frequently
qemu: Allow /dev/dri/render* for virgl domains
src/qemu/qemu.conf | 2 +-
src/qemu/qemu_cgroup.c | 311 +++++++++++--------------------------
src/qemu/qemu_domain.c | 207 ++++++++++++++++++++----
src/qemu/qemu_domain.h | 7 +
src/qemu/test_libvirtd_qemu.aug.in | 1 -
5 files changed, 274 insertions(+), 254 deletions(-)
--
2.11.0
More information about the libvir-list
mailing list