1:03 p.m.
When a SPICE or VNC graphics controller is present, and sound is
piggybacked over a channel to the graphics device rather than
directly accessing host hardware, then there is no need to grant
host hardware access to that qemu process.
* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Prevent sound with
spice, and with vnc when vnc_allow_host_audio is 0.
Reported by Daniel Berrange.
---
Daniel noticed this while reviewing the audit code - the audit
proved that we were allowing more resources than necessary.
src/qemu/qemu_cgroup.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index b39b5e1..e71d3fa 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -241,7 +241,11 @@ int qemuSetupCgroup(struct qemud_driver *driver,
goto cleanup;
}
- if (vm->def->nsounds) {
+ if (vm->def->nsounds &&
+ (!vm->def->ngraphics ||
+ ((vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC
&&
+ driver->vncAllowHostAudio) ||
+ (vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL)))) {
rc = virCgroupAllowDeviceMajor(cgroup, 'c', DEVICE_SND_MAJOR);
qemuDomainCgroupAudit(vm, cgroup, "allow", "major",
"sound",
rc == 0);
--
1.7.4
4:19 a.m.
On Fri, Feb 25, 2011 at 12:03:52PM -0700, Eric Blake wrote:
When a SPICE or VNC graphics controller is present, and sound is
piggybacked over a channel to the graphics device rather than
directly accessing host hardware, then there is no need to grant
host hardware access to that qemu process.
* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Prevent sound with
spice, and with vnc when vnc_allow_host_audio is 0.
Reported by Daniel Berrange.
---
Daniel noticed this while reviewing the audit code - the audit
proved that we were allowing more resources than necessary.
src/qemu/qemu_cgroup.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index b39b5e1..e71d3fa 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -241,7 +241,11 @@ int qemuSetupCgroup(struct qemud_driver *driver,
goto cleanup;
}
- if (vm->def->nsounds) {
+ if (vm->def->nsounds &&
+ (!vm->def->ngraphics ||
+ ((vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC
&&
+ driver->vncAllowHostAudio) ||
+ (vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL))))
{
rc = virCgroupAllowDeviceMajor(cgroup, 'c', DEVICE_SND_MAJOR);
qemuDomainCgroupAudit(vm, cgroup, "allow", "major",
"sound",
rc == 0);
ACK
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
10:48 a.m.
On 02/28/2011 03:19 AM, Daniel P. Berrange wrote:
On Fri, Feb 25, 2011 at 12:03:52PM -0700, Eric Blake wrote:
> When a SPICE or VNC graphics controller is present, and sound is
> piggybacked over a channel to the graphics device rather than
> directly accessing host hardware, then there is no need to grant
> host hardware access to that qemu process.
>
> * src/qemu/qemu_cgroup.c (qemuSetupCgroup): Prevent sound with
> spice, and with vnc when vnc_allow_host_audio is 0.
> Reported by Daniel Berrange.
ACK
Thanks; pushed.
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
5016
days inactive
5019
days old
2 comments
2 participants
participants (2)
-
Daniel P. Berrange -
Eric Blake