Re: [libvirt] [PATCHv2 6/8] cgroup: allow fine-tuning of device ACL permissions
On 03/09/2011 08:24 AM, Daniel P. Berrange wrote:
On Tue, Mar 08, 2011 at 10:13:48PM -0700, Eric Blake wrote:
> diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
> index ebf9ad5..83063a9 100644
> --- a/src/qemu/qemu_cgroup.c
> +++ b/src/qemu/qemu_cgroup.c
> @@ -226,7 +229,8 @@ int qemuSetupCgroup(struct qemud_driver *driver,
> goto cleanup;
> }
>
> - rc = virCgroupAllowDeviceMajor(cgroup, 'c', DEVICE_PTY_MAJOR);
> + rc = virCgroupAllowDeviceMajor(cgroup, 'c', DEVICE_PTY_MAJOR,
> + VIR_CGROUP_DEVICE_RWM);
> qemuAuditCgroupMajor(vm, cgroup, "allow", DEVICE_PTY_MAJOR,
> "pty", rc == 0);
> if (rc != 0) {
I'm not entirely sure that we actually need RWM here, rather than
just RW. QEMU doesn't do any mknod in /dev/pts/XXX. The entries
in that filesystem just magically appear from the kernel when
you open /dev/ptmx.
I tested with just RW instead of RWM, and was still able to do 'virsh
console' with no change in behavior, so I went with this change.
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 619 bytes)