* Daniel P. Berrange (berrange(a)redhat.com) wrote:
On Thu, Jan 07, 2010 at 04:50:03PM -0800, Chris Wright wrote:
> Basically, this means that device assignment w/ libvirt will break
> MSI/MSI-X because qemu will never be able to see that the host device
> has those PCI capabilities. This, in turn, renders VF device assignment
> useless (since a VF is required to support MSI and/or MSI-X).
>
> Granting CAP_SYS_ADMIN for each qemu instance that does device assignment
> would render the privilege reduction useless (CAP_SYS_ADMIN is the
> kitchen sink catchall of the Linux capability system).
Yeah that's pretty troublesome, even when libvirt runs QEMU as 'root', it
will
remove all capabilities. Why is the 'CAP_SYS_ADMIN' check there - is it a
mistakenly over-zealous permission check that could be removed, just relying
on access controls on the sysfs /sys/bus/pci/devices/<DEVICE>/config
file ?
Tools like lspci expect the ability to read a pci function's config
space header. In the past there have been devices that wedge when reading
areas of device dependent config space that are not implemented, so this
portion of config space is protected (hence the need for privileges to
do lspci -v).
thanks,
-chris