[libvirt] [PATCH] Set mknod permission in device ACL for LXC USB devices

The LXC controller itself needs to mknod the USB device node in /dev/bus/usb, so we can't block mknod permission from the cgroup. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/lxc/lxc_cgroup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c index 1ae3906..c641132 100644 --- a/src/lxc/lxc_cgroup.c +++ b/src/lxc/lxc_cgroup.c @@ -325,7 +325,7 @@ virLXCSetupHostUSBDeviceCgroup(virUSBDevicePtr dev ATTRIBUTE_UNUSED, VIR_DEBUG("Process path '%s' for USB device", path); if (virCgroupAllowDevicePath(cgroup, path, - VIR_CGROUP_DEVICE_RW) < 0) + VIR_CGROUP_DEVICE_RWM) < 0) return -1; return 0; @@ -341,7 +341,7 @@ virLXCTeardownHostUSBDeviceCgroup(virUSBDevicePtr dev ATTRIBUTE_UNUSED, VIR_DEBUG("Process path '%s' for USB device", path); if (virCgroupDenyDevicePath(cgroup, path, - VIR_CGROUP_DEVICE_RW) < 0) + VIR_CGROUP_DEVICE_RWM) < 0) return -1; return 0; -- 1.9.0
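Review bot: the virCgroupAllowDevicePath() call in virLXCSetupHostUSBDeviceCgroup now passes VIR_CGROUP_DEVICE_RWM, but nothing in the code says why mknod is granted; the reason (the LXC controller has to create the node under /dev/bus/usb) exists only in the commit message. A short comment above the call would keep a later cleanup from tightening the mask back to VIR_CGROUP_DEVICE_RW. The comment should also note that the device ACL belongs to the cgroup, so the mknod right on this path is not limited to the controller.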
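Review bot: the mask given to virCgroupDenyDevicePath() in virLXCTeardownHostUSBDeviceCgroup must always match the one granted in virLXCSetupHostUSBDeviceCgroup, yet VIR_CGROUP_DEVICE_RWM is written out separately at each call site. If the two drift apart, teardown would leave a permission such as mknod allowed on the path after the device is removed. Suggest one shared definition for the USB device mask used by both callbacks, or at least a comment at each site pointing at the other.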

On 30.04.2014 15:58, Daniel P. Berrange wrote:
The LXC controller itself needs to mknod the USB device node in /dev/bus/usb, so we can't block mknod permission from the cgroup.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/lxc/lxc_cgroup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c index 1ae3906..c641132 100644 --- a/src/lxc/lxc_cgroup.c +++ b/src/lxc/lxc_cgroup.c @@ -325,7 +325,7 @@ virLXCSetupHostUSBDeviceCgroup(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
VIR_DEBUG("Process path '%s' for USB device", path); if (virCgroupAllowDevicePath(cgroup, path, - VIR_CGROUP_DEVICE_RW) < 0) + VIR_CGROUP_DEVICE_RWM) < 0) return -1;
return 0; @@ -341,7 +341,7 @@ virLXCTeardownHostUSBDeviceCgroup(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
VIR_DEBUG("Process path '%s' for USB device", path); if (virCgroupDenyDevicePath(cgroup, path, - VIR_CGROUP_DEVICE_RW) < 0) + VIR_CGROUP_DEVICE_RWM) < 0) return -1;
return 0;
ACK

Michal

On 04/30/2014 07:58 AM, Daniel P. Berrange wrote:
The LXC controller itself needs to mknod the USB device node in /dev/bus/usb, so we can't block mknod permission from the cgroup.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/lxc/lxc_cgroup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
ACK, and safe during the freeze

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org