qemu: do not allow /dev/rtc or /dev/hpet access via the devices cgroup

author Paolo Bonzini <pbonzini@redhat.com>

Mon, 18 May 2020 23:06:59 +0000 (01:06 +0200)

committer Michal Privoznik <mprivozn@redhat.com>

Tue, 19 May 2020 08:04:06 +0000 (10:04 +0200)
author Paolo Bonzini <pbonzini@redhat.com>
Mon, 18 May 2020 23:06:59 +0000 (01:06 +0200)
committer Michal Privoznik <mprivozn@redhat.com>
Tue, 19 May 2020 08:04:06 +0000 (10:04 +0200)
diff --git a/docs/drvqemu.html.in b/docs/drvqemu.html.in

index afc4ddf56dfbcba6e2ae55f069e7f7abbf240b8a..b6d731bb59c3fdf98fbb8a865ebd267979ad33aa 100644 (file)
--- a/docs/drvqemu.html.in
+++ b/docs/drvqemu.html.in
@@ -484,7 +484,6 @@ chmod o+x /path/to/directory
  /dev/null, /dev/full, /dev/zero,
  /dev/random, /dev/urandom,
  /dev/ptmx, /dev/kvm,
-/dev/rtc, /dev/hpet
  </pre>
  
      <p>
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf

index abdbf07fec606850e96baaa0f08e464e11138a15..d7a3f40e787759c7cc08c1181fb22f743aee2f69 100644 (file)
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -495,7 +495,6 @@
  #    "/dev/null", "/dev/full", "/dev/zero",
  #    "/dev/random", "/dev/urandom",
  #    "/dev/ptmx", "/dev/kvm",
-#    "/dev/rtc","/dev/hpet"
  #]
  #
  # RDMA migration requires the following extra files to be added to the list:
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c

index 2e019b64af0cb5ae9fe74231c1b3fdd29a231aa4..d92202f847fa211af4fb092a5dcc86f06ae169c5 100644 (file)
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -47,7 +47,6 @@ const char *const defaultDeviceACL[] = {
      "/dev/null", "/dev/full", "/dev/zero",
      "/dev/random", "/dev/urandom",
      "/dev/ptmx", "/dev/kvm",
-    "/dev/rtc", "/dev/hpet",
      NULL,
  };
  #define DEVICE_PTY_MAJOR 136
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in

index 19da591aaefe0cb0b030df44162782f04fa6b473..e533b9f551c39a2c40944249778d8d4cad2ca1b3 100644 (file)
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -61,8 +61,6 @@ module Test_libvirtd_qemu =
      { "5" = "/dev/urandom" }
      { "6" = "/dev/ptmx" }
      { "7" = "/dev/kvm" }
-    { "8" = "/dev/rtc" }
-    { "9" = "/dev/hpet" }
  }
  { "save_image_format" = "raw" }
  { "dump_image_format" = "raw" }
author	Paolo Bonzini <pbonzini@redhat.com>
	Mon, 18 May 2020 23:06:59 +0000 (01:06 +0200)
committer	Michal Privoznik <mprivozn@redhat.com>
	Tue, 19 May 2020 08:04:06 +0000 (10:04 +0200)
docs/drvqemu.html.in		patch \| blob \| blame \| history
src/qemu/qemu.conf		patch \| blob \| blame \| history
src/qemu/qemu_cgroup.c		patch \| blob \| blame \| history
src/qemu/test_libvirtd_qemu.aug.in		patch \| blob \| blame \| history