From: Pavel Hrdina <phrdina@redhat.com> If libvirt daemon is running unprivileged it will fail so we should not even try to set it. Signed-off-by: Pavel Hrdina <phrdina@redhat.com> --- src/qemu/qemu_process.c | 2 +- src/util/viriommufd.c | 6 +++--- src/util/viriommufd.h | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index ab7cf03c0e..ecd05b4bf6 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -7732,7 +7732,7 @@ qemuProcessOpenIommuFd(virDomainObj *vm) VIR_DEBUG("Opening IOMMU FD for domain %s", vm->def->name); - if ((iommufd = virIOMMUFDOpenDevice()) < 0) + if ((iommufd = virIOMMUFDOpenDevice(priv->driver->privileged)) < 0) return -1; if (qemuSecuritySetImageFDLabel(priv->driver->securityManager, vm->def, iommufd) < 0) diff --git a/src/util/viriommufd.c b/src/util/viriommufd.c index b62d59241d..82920923a2 100644 --- a/src/util/viriommufd.c +++ b/src/util/viriommufd.c @@ -80,14 +80,14 @@ virIOMMUFDSetRLimitMode(int fd, bool processAccounting) } int -virIOMMUFDOpenDevice(void) +virIOMMUFDOpenDevice(bool privileged) { int fd = -1; if ((fd = open(VIR_IOMMU_DEV_PATH, O_RDWR | O_CLOEXEC)) < 0) virReportSystemError(errno, "%s", _("cannot open IOMMUFD device")); - if (virIOMMUFDSetRLimitMode(fd, true) < 0) { + if (privileged && virIOMMUFDSetRLimitMode(fd, true) < 0) { VIR_FORCE_CLOSE(fd); return -1; } @@ -98,7 +98,7 @@ virIOMMUFDOpenDevice(void) #else int -virIOMMUFDOpenDevice(void) +virIOMMUFDOpenDevice(bool privileged G_GNUC_UNUSED) { virReportError(VIR_ERR_NO_SUPPORT, "%s", _("IOMMUFD is not supported on this platform")); diff --git a/src/util/viriommufd.h b/src/util/viriommufd.h index 223f44eb5c..7bad5c7472 100644 --- a/src/util/viriommufd.h +++ b/src/util/viriommufd.h @@ -22,6 +22,6 @@ #define VIR_IOMMU_DEV_PATH "/dev/iommu" -int virIOMMUFDOpenDevice(void); +int virIOMMUFDOpenDevice(bool privileged); bool virIOMMUFDSupported(void); -- 2.53.0