[PATCH] qemu: do not allow /dev/rtc or /dev/hpet access via the devices cgroup

18 May 2020

The RTC and HPET modes for the QEMU emulation tick have been dropped almost 9 years
ago, in commit 25f3151ece1d5881826232bebccc21b588d4e03e.  Do not allow them in the
devices cgroup policy.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 docs/drvqemu.html.in               | 1 -
 src/qemu/qemu.conf                 | 1 -
 src/qemu/qemu_cgroup.c             | 1 -
 src/qemu/test_libvirtd_qemu.aug.in | 2 --
 4 files changed, 5 deletions(-)

diff --git a/docs/drvqemu.html.in b/docs/drvqemu.html.in
index afc4ddf56d..b6d731bb59 100644
--- a/docs/drvqemu.html.in
+++ b/docs/drvqemu.html.in
@@ -484,7 +484,6 @@ chmod o+x /path/to/directory
 /dev/null, /dev/full, /dev/zero,
 /dev/random, /dev/urandom,
 /dev/ptmx, /dev/kvm,
-/dev/rtc, /dev/hpet
 </pre>
 
     <p>
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index abdbf07fec..d7a3f40e78 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -495,7 +495,6 @@
 #    "/dev/null", "/dev/full", "/dev/zero",
 #    "/dev/random", "/dev/urandom",
 #    "/dev/ptmx", "/dev/kvm",
-#    "/dev/rtc","/dev/hpet"
 #]
 #
 # RDMA migration requires the following extra files to be added to the list:
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 2e019b64af..d92202f847 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -47,7 +47,6 @@ const char *const defaultDeviceACL[] = {
     "/dev/null", "/dev/full", "/dev/zero",
     "/dev/random", "/dev/urandom",
     "/dev/ptmx", "/dev/kvm",
-    "/dev/rtc", "/dev/hpet",
     NULL,
 };
 #define DEVICE_PTY_MAJOR 136
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in
index 19da591aae..e533b9f551 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -61,8 +61,6 @@ module Test_libvirtd_qemu =
     { "5" = "/dev/urandom" }
     { "6" = "/dev/ptmx" }
     { "7" = "/dev/kvm" }
-    { "8" = "/dev/rtc" }
-    { "9" = "/dev/hpet" }
 }
 { "save_image_format" = "raw" }
 { "dump_image_format" = "raw" }
-- 
2.25.4

    

Paolo Bonzini

Michal Privoznik

Daniel P. Berrangé

Michal Privoznik

Paolo Bonzini

tags

participants (3)