
* Daniel P. Berrange (berrange@redhat.com) wrote:
On Thu, Jan 07, 2010 at 04:50:03PM -0800, Chris Wright wrote:
Basically, this means that device assignment w/ libvirt will break MSI/MSI-X because qemu will never be able to see that the host device has those PCI capabilities. This, in turn, renders VF device assignment useless (since a VF is required to support MSI and/or MSI-X).
Granting CAP_SYS_ADMIN for each qemu instance that does device assignment would render the privilege reduction useless (CAP_SYS_ADMIN is the kitchen sink catchall of the Linux capability system).
Yeah that's pretty troublesome, even when libvirt runs QEMU as 'root', it will remove all capabilities. Why is the 'CAP_SYS_ADMIN' check there - is it a mistakenly over-zealous permission check that could be removed, just relying on access controls on the sysfs /sys/bus/pci/devices/<DEVICE>/config file ?
Tools like lspci expect the ability to read a pci function's config space header. In the past there have been devices that wedge when reading areas of device dependent config space that are not implemented, so this portion of config space is protected (hence the need for privileges to do lspci -v). thanks, -chris