Re: [libvirt] [PATCH 2/2] qemu_cgroup: allow access to /dev/dri/render*

On Thu, May 19, 2016 at 01:29:07PM +0200, Ján Tomko wrote: Ignoring cgroups for a minute, how exactly does QEMU get access to the /dev/dri/render* devices in general ? ie when QEMU is running as the 'qemu:qemu' user/group account, with selinux enforcing I don't see how it can possibly open these files, as we're not granting access to them in any of the security drivers. Given this, allowing them in cgroups seems like the least of our problems. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|