[PATCH v1 16/34] qemuDomainBuildNamespace: Populate basic /dev from daemon's namespace
Michal Prívozník
mprivozn at redhat.com
Thu Sep 3 16:07:09 UTC 2020
On 9/3/20 4:42 PM, Daniel P. Berrangé wrote:
> On Thu, Sep 03, 2020 at 04:40:52PM +0200, Michal Prívozník wrote:
>> On 9/3/20 2:09 PM, Daniel P. Berrangé wrote:
>>> On Wed, Jul 22, 2020 at 11:40:10AM +0200, Michal Privoznik wrote:
>>>> As mentioned in previous commit, populating domain's namespace
>>>> from pre-exec() hook is dangerous. This commit moves population
>>>> of the namespace with basic /dev nodes (e.g. /dev/null, /dev/kvm,
>>>> etc.) into daemon's namespace.
>>>>
>>>> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
>>>> ---
>>>> src/qemu/qemu_domain_namespace.c | 23 +++++++++++------------
>>>> src/qemu/qemu_domain_namespace.h | 3 ++-
>>>> src/qemu/qemu_process.c | 2 +-
>>>> 3 files changed, 14 insertions(+), 14 deletions(-)
>>>
>>> I don't understand why, but this commit has broken QEMU startup on
>>> hosts without KVM. It now always dies with
>>>
>>> error : qemuNamespaceMknodItemInit:1341 : Unable to access /dev/kvm: No such file or directory
>>>
>>>
>>> This was git bisect identified, but since there's no mention of kvm in
>>> this patch, I'm going to assume the actual bug is hiding dormant in
>>> a previous patch until this patch activates the bug.
>>
>> Let me try to reproduce and write a fix. I assume unloading KVM module is
>> enough, isn't it?
>
> Yep, unloading, or even just rm /dev/kvm is enough

So I think I know what the problem is. When domain's /dev is being
built, it's firstly populated with cfg->cgroupDeviceACL (which contains
/dev/kvm by default). Previously, the code was ENOENT tolerant, now it
is not. Let me post a patch for that.

Michal