]> git.ipfire.org Git - thirdparty/libvirt.git/commit
projects / thirdparty / libvirt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9d92f53) | patch
qemuDomainGetHostdevPath: Create /dev/vfio/vfio iff needed
authorMichal Privoznik <mprivozn@redhat.com>
Wed, 8 Feb 2017 13:23:30 +0000 (14:23 +0100)
committerMichal Privoznik <mprivozn@redhat.com>
Mon, 20 Feb 2017 06:21:58 +0000 (07:21 +0100)
commitb8e659aa987117e319521340681c5730c4f0e024
tree8eb4428b757cc8986970f92fe80c9463128c1c87tree | snapshot
parent9d92f533f86b287eafa6bc1786cde3556b82a792commit | diff
qemuDomainGetHostdevPath: Create /dev/vfio/vfio iff needed

So far, we are allowing /dev/vfio/vfio in the devices cgroup
unconditionally (and creating it in the namespace too). Even if
domain has no hostdev assignment configured. This is potential
security hole. Therefore, when starting the domain (or
hotplugging a hostdev) create & allow /dev/vfio/vfio too (if
needed).

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
src/qemu/qemu.conf diff | blob | blame | history
src/qemu/qemu_cgroup.c diff | blob | blame | history
src/qemu/qemu_domain.c diff | blob | blame | history
src/qemu/qemu_domain.h diff | blob | blame | history
src/qemu/test_libvirtd_qemu.aug.in diff | blob | blame | history
Mirror of https://github.com/libvirt/libvirt.git