[libvirt PATCH] virt-host-validate: fix detection with cgroups v2
Michal Privoznik
mprivozn at redhat.com
Wed Nov 18 17:38:29 UTC 2020
On 11/18/20 1:48 PM, Pavel Hrdina wrote:
> Using virtCgroupNewSelf() is not correct with cgroups v2 because the
> the virt-host-validate process is executed from from the same cgroup
> context as the terminal and usually not all controllers are enabled
> by default.
>
> To do a proper check we need to use the root cgroup to see what
> controllers are actually available. Libvirt or systemd ensures that
> all controllers are available for VMs as well.
>
> This still doesn't solve the devices controller with cgroups v2 where
> there is no controller as it was replaced by eBPF. Currently libvirt
> tries to query eBPF programs which usually works only for root as
> regular users will get permission denied for that operation.
>
> Fixes: https://gitlab.com/libvirt/libvirt/-/issues/94
>
> Signed-off-by: Pavel Hrdina <phrdina at redhat.com>
> ---
> src/libvirt_private.syms | 1 +
> src/util/vircgroup.h | 4 ++++
> src/util/vircgrouppriv.h | 4 ----
> tools/virt-host-validate-common.c | 2 +-
> 4 files changed, 6 insertions(+), 5 deletions(-)
Reviewed-by: Michal Privoznik <mprivozn at redhat.com>
Michal
More information about the libvir-list
mailing list