From: Daniel P. Berrange <berrange@redhat.com>
Date: Wed, 30 Apr 2014 13:57:51 +0000 (+0100)
Subject: Set mknod permission in device ACL for LXC USB devices
X-Git-Tag: v1.2.4~15
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=916b147cc8be7e1be3dce7046256d8084f076489;p=thirdparty%2Flibvirt.git

Set mknod permission in device ACL for LXC USB devices

The LXC controller itself needs to mknod the USB device
node in /dev/bus/usb, so we can't block mknod permission
from the cgroup.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---

diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
index 1ae3906170..c641132a78 100644
--- a/src/lxc/lxc_cgroup.c
+++ b/src/lxc/lxc_cgroup.c
@@ -325,7 +325,7 @@ virLXCSetupHostUSBDeviceCgroup(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
 
     VIR_DEBUG("Process path '%s' for USB device", path);
     if (virCgroupAllowDevicePath(cgroup, path,
-                                 VIR_CGROUP_DEVICE_RW) < 0)
+                                 VIR_CGROUP_DEVICE_RWM) < 0)
         return -1;
 
     return 0;
@@ -341,7 +341,7 @@ virLXCTeardownHostUSBDeviceCgroup(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
 
     VIR_DEBUG("Process path '%s' for USB device", path);
     if (virCgroupDenyDevicePath(cgroup, path,
-                                VIR_CGROUP_DEVICE_RW) < 0)
+                                VIR_CGROUP_DEVICE_RWM) < 0)
         return -1;
 
     return 0;