Virtqemud wants to unlink /dev/urandom
Michal Prívozník
mprivozn at redhat.com
Wed Mar 16 12:28:31 UTC 2022
On 3/16/22 12:40, Nikola Knazekova wrote:
> Hi guys,
>
> Thank you very much for the detailed explanation.
>
> With the mount namespace feature turned off, there were no SELinux denials.
>
> Michal, I saw your commit
> <https://gitlab.com/libvirt/libvirt/-/commit/22188790cad490f51e73dabcac65736c3b8871a7>,
> where firstly the existence of devices is checked. I assume when some
> correction is required, virtqemud will still need unlink permission, right?
Correct. So users can still hotplug and hotunplug devices from running
guests. In case of hotunplug, libvirt will remove the corresponding /dev
node. For instance, PCI devices need /dev/vfio/vfio. But if you
hotunplug the last PCI device from your guest, then libvirt will also remove
/dev/vfio/vfio from the namespace.
Therefore, we still need libvirt/virtqemud/virtlxcd to be able to remove
files from under /dev.
Michal
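To make denials like the ones discussed in this thread easier to triage, here is an added Python example; it is not code from libvirt or from either poster. It assumes audit records in the kernel's standard AVC shape. The sample lines, PIDs, inode numbers and the daemon/type names in them are constructed for illustration. It separates the one denial pattern the thread explains (unlink of a device node inside the tmpfs-backed private /dev that libvirt builds per guest) from anything else, so that an admin does not turn a broad set of denials into a blanket allow rule.

```python
"""Triage SELinux AVC denials from a namespaced libvirt daemon.

Added example, not part of the thread or of libvirt. Audit lines below are
constructed: PIDs, inodes, timestamps and type names are illustrative.
"""
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Constructed sample audit output (shape follows the kernel AVC record format).
SAMPLE_AUDIT = """\
type=AVC msg=audit(1647431311.100:501): avc:  denied  { unlink } for  pid=4321 comm="virtqemud" name="urandom" dev="tmpfs" ino=17 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file permissive=0
type=AVC msg=audit(1647431311.101:502): avc:  denied  { unlink } for  pid=4321 comm="virtqemud" name="vfio" dev="tmpfs" ino=23 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:vfio_device_t:s0 tclass=chr_file permissive=0
type=AVC msg=audit(1647431311.102:503): avc:  denied  { write } for  pid=4321 comm="virtqemud" name="shadow" dev="dm-0" ino=99 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1647431311.102:503): arch=c000003e syscall=87 success=no exit=-13 comm="virtqemud"
"""

# Assumed daemon names: the thread names virtqemud and virtlxcd; libvirtd is the
# monolithic daemon. Adjust for your distribution.
LIBVIRT_DAEMONS = {"virtqemud", "virtlxcd", "libvirtd"}
DEVICE_CLASSES = {"chr_file", "blk_file"}


@dataclass
class AvcDenial:
    perms: FrozenSet[str]
    comm: str
    name: Optional[str]
    dev: Optional[str]
    source_type: str
    target_type: str
    tclass: str


def _quoted(line: str, key: str) -> Optional[str]:
    m = re.search(rf'\b{key}="([^"]*)"', line)
    return m.group(1) if m else None


def _bare(line: str, key: str) -> Optional[str]:
    m = re.search(rf"\b{key}=(\S+)", line)
    return m.group(1) if m else None


def _selinux_type(ctx: str) -> str:
    # user:role:type:level -> type
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else ctx


def parse_avc(line: str) -> Optional[AvcDenial]:
    """Return the parsed denial, or None for non-AVC records (SYSCALL, etc.)."""
    m = re.search(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}", line)
    if not m:
        return None
    return AvcDenial(
        perms=frozenset(m.group(1).split()),
        comm=_quoted(line, "comm") or "",
        name=_quoted(line, "name"),
        dev=_quoted(line, "dev"),
        source_type=_selinux_type(_bare(line, "scontext") or ""),
        target_type=_selinux_type(_bare(line, "tcontext") or ""),
        tclass=_bare(line, "tclass") or "",
    )


def classify(d: AvcDenial) -> str:
    """'namespace-dev-cleanup': a libvirt daemon unlinking a device node in the
    tmpfs-backed private /dev (the hotunplug cleanup the thread describes).
    Anything else is 'other' and needs a separate look."""
    if (
        d.comm in LIBVIRT_DAEMONS
        and "unlink" in d.perms
        and d.tclass in DEVICE_CLASSES
        and d.dev == "tmpfs"
    ):
        return "namespace-dev-cleanup"
    return "other"


def triage(audit_text: str) -> Dict[str, List[AvcDenial]]:
    buckets: Dict[str, List[AvcDenial]] = {"namespace-dev-cleanup": [], "other": []}
    for line in audit_text.splitlines():
        d = parse_avc(line)
        if d is not None:
            buckets[classify(d)].append(d)
    return buckets


if __name__ == "__main__":
    for bucket, denials in triage(SAMPLE_AUDIT).items():
        print(f"{bucket}: {len(denials)}")
        for d in denials:
            print(f"  {d.comm} {sorted(d.perms)} {d.tclass} name={d.name} "
                  f"dev={d.dev} target={d.target_type}")
```

The tmpfs check matters: libvirt mounts a private tmpfs over /dev for each guest, so an unlink denial on a device node whose `dev=` is a real disk-backed filesystem, or on a non-device file such as the third sample line, is not the hotunplug cleanup and should be investigated rather than absorbed into a local policy module.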