git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Pavel Hrdina <phrdina@redhat.com>
	Wed, 18 Nov 2020 12:08:22 +0000 (13:08 +0100)
committer	Pavel Hrdina <phrdina@redhat.com>
	Thu, 19 Nov 2020 00:18:35 +0000 (01:18 +0100)
commit	126cb34a206a44f04e364700b46426dff9f387d5
tree	92e7474d3de4f6cf8605f23f0860f7fe92f6ec7a	tree
parent	e289ffa23d271dd06ed9b297dba8367373da0b3e	commit \| diff

virt-host-validate: fix detection with cgroups v2

Using virtCgroupNewSelf() is not correct with cgroups v2 because the
the virt-host-validate process is executed from from the same cgroup
context as the terminal and usually not all controllers are enabled
by default.

To do a proper check we need to use the root cgroup to see what
controllers are actually available. Libvirt or systemd ensures that
all controllers are available for VMs as well.

This still doesn't solve the devices controller with cgroups v2 where
there is no controller as it was replaced by eBPF. Currently libvirt
tries to query eBPF programs which usually works only for root as
regular users will get permission denied for that operation.

Fixes: https://gitlab.com/libvirt/libvirt/-/issues/94
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

src/libvirt_private.syms		diff \| blob \| blame \| history
src/util/vircgroup.h		diff \| blob \| blame \| history
src/util/vircgrouppriv.h		diff \| blob \| blame \| history
tools/virt-host-validate-common.c		diff \| blob \| blame \| history