From: "Pradipta Kr. Banerjee" <bpradip@in.ibm.com> Creating a qemu VM with /dev/hwrng as backend RNG device throws the following error - "Could not open '/dev/hwrng': Permission denied" This patch fixes the issue Signed-off-by: Pradipta Kr. Banerjee <bpradip@in.ibm.com> --- v2: Added acl code as part of per-VM cgroup setup src/qemu/qemu_cgroup.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index f0cacd0..8e2076e 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -533,6 +533,18 @@ qemuSetupDevicesCgroup(virQEMUDriverPtr driver, goto cleanup; } + if (vm->def->rng && + (vm->def->rng->backend == VIR_DOMAIN_RNG_BACKEND_RANDOM)) { + VIR_DEBUG("Setting Cgroup ACL for RNG device"); + rv = virCgroupAllowDevicePath(priv->cgroup, vm->def->rng->source.file, + VIR_CGROUP_DEVICE_RW); + virDomainAuditCgroupPath(vm, priv->cgroup, "allow", + vm->def->rng->source.file, "rw", rv == 0); + if (rv < 0 && + !virLastErrorIsSystemErrno(ENOENT)) + goto cleanup; + } + ret = 0; cleanup: virObjectUnref(cfg); -- 1.8.3.1