As discussed here [1], it's unsafe to allow /dev/vfio/vfio to all the domains
(even those not doing PCI assignment). The same goes for /dev/dri/*.

1: https://www.redhat.com/archives/libvir-list/2017-February/msg00267.html

Michal Privoznik (7):
  qemu_cgroup: Kill qemuSetupHostUSBDeviceCgroup
  qemu_cgroup: Kill qemuSetupHostSCSIDeviceCgroup
  qemu_cgroup: Kill qemuSetupHostSCSIVHostDeviceCgroup
  qemuSetupHostdevCgroup: Use qemuDomainGetHostdevPath
  qemuDomainGetHostdevPath: Create /dev/vfio/vfio iff needed
  qemuDomainGetHostdevPath: Report /dev/vfio/vfio less frequently
  qemu: Allow /dev/dri/render* for virgl domains

 src/qemu/qemu.conf                 |   2 +-
 src/qemu/qemu_cgroup.c             | 311 +++++++++++--------------------------
 src/qemu/qemu_domain.c             | 207 ++++++++++++++++++++----
 src/qemu/qemu_domain.h             |   7 +
 src/qemu/test_libvirtd_qemu.aug.in |   1 -
 5 files changed, 274 insertions(+), 254 deletions(-)

--
2.11.0