RE: udmabuf error with libvirt + QEMU

Hi Daniel, You're right , /dev/udmabuf is required for GTK display for GL support. I agree passing the device using qemu:arg breaks the security confinement of Libvirt. For our use-case we need to have the GL support, is there any way to specify the GTK display option in the Libvirt XML ? or any other alternatives? Thanks, Shiv -----Original Message----- From: Daniel P. Berrangé <berrange(a)redhat.com&gt; Sent: Tuesday, February 1, 2022 8:11 PM To: M, Shivakumar <shivakumar.m(a)intel.com&gt; Cc: libvirt-users(a)redhat.com Subject: Re: udmabuf error with libvirt + QEMU On Tue, Feb 01, 2022 at 02:27:55PM +0000, M, Shivakumar wrote: When libvirt launches QEMU it puts in place a number of strict security protections. Libvirt will grant access on a per-file basis to resources on the host that QEMU should be allowed to access based on the device configuration in the XML. In your case though you're using command line passthrough: This is totally opaque to libvirt and so libvirt won't be granting access to any resources needed by these args. I'm assuming /dev/udmabuf is needed by the GTK display for GL support, or something along those lines. For further information about your options please consult this page: https://libvirt.org/kbase/qemu-passthrough-security.html Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|