On Mon, Jul 17, 2017 at 12:42:12PM -0400, Cole Robinson wrote:
On 07/17/2017 12:35 PM, Daniel P. Berrange wrote:
On Mon, Jul 17, 2017 at 12:31:50PM -0400, Cole Robinson wrote:
For a logged in user this a path like /dev/dri/renderD128 will have default ownership root:video which won't work for the qemu:qemu user, so we need to chown it.
Thankfully with the namespace work we don't need to worry about this shutting out other legitimate users
We support turning off namespaces, in which case this will harm other users. So at very least we need to make this conditional on namespaces being enabled.
I can look into that, but then again it's basically the way the DAC driver already works for potentially more invasive scenarios like /dev/sd*, /dev/cdrom, USB devices etc etc
My concern is that changing this will break apps in the active desktop session that are currently using the graphics card too. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|