
10 Mar
2011
10 Mar
'11
4:49 p.m.
On 03/10/2011 09:27 AM, Laine Stump wrote:
On 03/09/2011 05:12 PM, Eric Blake wrote:
Since libvirt always passes /dev/net/tun to qemu via fd, we should never trigger the cases where qemu tries to directly open the device. Therefore, it is safer to deny the cgroup device ACL.
* src/qemu/qemu_cgroup.c (defaultDeviceACL): Remove /dev/net/tun. * src/qemu/qemu.conf (cgroup_device_acl): Reflect this change.
- "/dev/rtc", "/dev/hpet", "/dev/net/tun", + "/dev/rtc", "/dev/hpet", NULL, }; #define DEVICE_PTY_MAJOR 136
ACK.
Thanks; pushed (actually, I pushed this prior to 2/2). -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org