Re: [libvirt] [PATCHv3 3/2] qemu: don't request cgroup ACL access for /dev/net/tun

On 03/10/2011 09:27 AM, Laine Stump wrote:

On 03/09/2011 05:12 PM, Eric Blake wrote:

...

Since libvirt always passes /dev/net/tun to qemu via fd, we should never trigger the cases where qemu tries to directly open the device. Therefore, it is safer to deny the cgroup device ACL.

* src/qemu/qemu_cgroup.c (defaultDeviceACL): Remove /dev/net/tun. * src/qemu/qemu.conf (cgroup_device_acl): Reflect this change.

...

- "/dev/rtc", "/dev/hpet", "/dev/net/tun", + "/dev/rtc", "/dev/hpet", NULL, }; #define DEVICE_PTY_MAJOR 136

ACK.

Thanks; pushed (actually, I pushed this prior to 2/2). -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org