On Thu, Oct 25, 2018 at 01:47:26PM +0200, Bjoern Walk wrote:
> Daniel P. Berrangé <berrange(a)redhat.com> [2018-10-24, 10:43PM +0100]:
> > We could optimize this by calling virFileAccessibleAs
> > once and storing the result in a global. Then just do a
> > plain stat() call in process to check the st_ctime field
> > for changes. We only need re-run the heavy virFileAccessibleAs
> > check if st_ctime has changed (indicating an owner/group/acl
> > change).
>
> But can't access permission change outside of changing the actual device
> file (e.g. cgroups or other OS capabilities)? Isn't that the whole
> purpose of the virFileAccessibleAs gymnastics?

Yes, cgroups could restrict access to /dev/kvm, but virFileAccessibleAs
does not use cgroups, it only cares about using the correct user + group
membership.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|