[libvirt] [PATCH V2 1/1] Add hw random number generator (/dev/hwrng) to cgroup ACL
From: "Pradipta Kr. Banerjee" <bpradip@in.ibm.com> Creating a qemu VM with /dev/hwrng as backend RNG device throws the following error - "Could not open '/dev/hwrng': Permission denied" This patch fixes the issue Signed-off-by: Pradipta Kr. Banerjee <bpradip@in.ibm.com> --- src/qemu/qemu_cgroup.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index f0cacd0..8e2076e 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -533,6 +533,18 @@ qemuSetupDevicesCgroup(virQEMUDriverPtr driver, goto cleanup; } + if (vm->def->rng && + (vm->def->rng->backend == VIR_DOMAIN_RNG_BACKEND_RANDOM)) { + VIR_DEBUG("Setting Cgroup ACL for RNG device"); + rv = virCgroupAllowDevicePath(priv->cgroup, vm->def->rng->source.file, + VIR_CGROUP_DEVICE_RW); + virDomainAuditCgroupPath(vm, priv->cgroup, "allow", + vm->def->rng->source.file, "rw", rv == 0); + if (rv < 0 && + !virLastErrorIsSystemErrno(ENOENT)) + goto cleanup; + } + ret = 0; cleanup: virObjectUnref(cfg); -- 1.8.3.1
Hi, Any comments !! On 12/05/2013 02:00 PM, Pradipta Kr. Banerjee wrote:
From: "Pradipta Kr. Banerjee" <bpradip@in.ibm.com>
Creating a qemu VM with /dev/hwrng as backend RNG device throws the following error - "Could not open '/dev/hwrng': Permission denied" This patch fixes the issue
Signed-off-by: Pradipta Kr. Banerjee <bpradip@in.ibm.com> --- src/qemu/qemu_cgroup.c | 12 ++++++++++++ 1 file changed, 12 insertions(+)
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index f0cacd0..8e2076e 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -533,6 +533,18 @@ qemuSetupDevicesCgroup(virQEMUDriverPtr driver, goto cleanup; }
+ if (vm->def->rng && + (vm->def->rng->backend == VIR_DOMAIN_RNG_BACKEND_RANDOM)) { + VIR_DEBUG("Setting Cgroup ACL for RNG device"); + rv = virCgroupAllowDevicePath(priv->cgroup, vm->def->rng->source.file, + VIR_CGROUP_DEVICE_RW); + virDomainAuditCgroupPath(vm, priv->cgroup, "allow", + vm->def->rng->source.file, "rw", rv == 0); + if (rv < 0 && + !virLastErrorIsSystemErrno(ENOENT)) + goto cleanup; + } + ret = 0; cleanup: virObjectUnref(cfg);
-- Regards, Pradipta
Any comments.. Should I rebase and resend the patch against the latest release. Please advise. On 12/05/2013 02:00 PM, Pradipta Kr. Banerjee wrote:
From: "Pradipta Kr. Banerjee" <bpradip@in.ibm.com>
Creating a qemu VM with /dev/hwrng as backend RNG device throws the following error - "Could not open '/dev/hwrng': Permission denied" This patch fixes the issue
Signed-off-by: Pradipta Kr. Banerjee <bpradip@in.ibm.com> --- src/qemu/qemu_cgroup.c | 12 ++++++++++++ 1 file changed, 12 insertions(+)
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index f0cacd0..8e2076e 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -533,6 +533,18 @@ qemuSetupDevicesCgroup(virQEMUDriverPtr driver, goto cleanup; }
+ if (vm->def->rng && + (vm->def->rng->backend == VIR_DOMAIN_RNG_BACKEND_RANDOM)) { + VIR_DEBUG("Setting Cgroup ACL for RNG device"); + rv = virCgroupAllowDevicePath(priv->cgroup, vm->def->rng->source.file, + VIR_CGROUP_DEVICE_RW); + virDomainAuditCgroupPath(vm, priv->cgroup, "allow", + vm->def->rng->source.file, "rw", rv == 0); + if (rv < 0 && + !virLastErrorIsSystemErrno(ENOENT)) + goto cleanup; + } + ret = 0; cleanup: virObjectUnref(cfg);
-- Regards, Pradipta
participants (2)
-
Pradipta Kr. Banerjee -
Pradipta Kumar Banerjee