[libvirt] [PATCH] qemu_cgroup: allow access to /dev/dri for virtio-vga

QEMU needs access to the /dev/dri/render* device for virgl to work. Allow access to all /dev/dri/* devices for domains with <video> <model type='virtio' heads='1' primary='yes'> <acceleration accel3d='yes'/> </model> </video> https://bugzilla.redhat.com/show_bug.cgi?id=1337290 --- src/qemu/qemu_cgroup.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 1e04a68..d676d66 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -51,6 +51,7 @@ static const char *const defaultDeviceACL[] = { }; #define DEVICE_PTY_MAJOR 136 #define DEVICE_SND_MAJOR 116 +#define DEVICE_DRI_MAJOR 226 static int @@ -626,6 +627,19 @@ qemuSetupDevicesCgroup(virQEMUDriverPtr driver, goto cleanup; } + if (vm->def->nvideos) { + virDomainVideoDefPtr vid = vm->def->videos[0]; + if (vid->type == VIR_DOMAIN_VIDEO_TYPE_VIRTIO && + vid->accel && vid->accel->accel3d) { + rv = virCgroupAllowDevice(priv->cgroup, 'c', DEVICE_DRI_MAJOR, -1, + VIR_CGROUP_DEVICE_RW); + virDomainAuditCgroupMajor(vm, priv->cgroup, "allow", DEVICE_DRI_MAJOR, + "sound", "rw", rv == 0); + if (rv < 0) + goto cleanup; + } + } + for (i = 0; deviceACL[i] != NULL; i++) { if (!virFileExists(deviceACL[i])) { VIR_DEBUG("Ignoring non-existent device %s", deviceACL[i]); -- 2.7.3