From: Erik Skultety
Date: Mon, 21 Jan 2019 13:48:02 +0000 (+0100)
Subject: qemu: conf: Remove /dev/sev from the default cgroup device acl list
X-Git-Tag: v5.1.0-rc1~287
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b6440119185a4e307654a8d26d6d551a2675bf82;p=thirdparty%2Flibvirt.git

qemu: conf: Remove /dev/sev from the default cgroup device acl list

We should not give domains access to something they don't necessarily need by default. Remove it from the qemu driver docs too.

Signed-off-by: Erik Skultety
Reviewed-by: Daniel P. Berrangé
---
diff --git a/docs/drvqemu.html.in b/docs/drvqemu.html.in
index bf60a9144b..5ad956740f 100644
--- a/docs/drvqemu.html.in
+++ b/docs/drvqemu.html.in
@@ -396,7 +396,7 @@ chmod o+x /path/to/directory
 /dev/null, /dev/full, /dev/zero,
 /dev/random, /dev/urandom,
 /dev/ptmx, /dev/kvm, /dev/kqemu,
-/dev/rtc, /dev/hpet, /dev/sev
+/dev/rtc, /dev/hpet

diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index c1f1201134..7820e72dd8 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -490,7 +490,7 @@
 # "/dev/null", "/dev/full", "/dev/zero",
 # "/dev/random", "/dev/urandom",
 # "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
-# "/dev/rtc","/dev/hpet", "/dev/sev"
+# "/dev/rtc","/dev/hpet"
 #]
 #
 # RDMA migration requires the following extra files to be added to the list:
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 9ceecb884e..7b7cd4258b 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -46,7 +46,7 @@ const char *const defaultDeviceACL[] = {
 "/dev/null", "/dev/full", "/dev/zero",
 "/dev/random", "/dev/urandom",
 "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
- "/dev/rtc", "/dev/hpet", "/dev/sev",
+ "/dev/rtc", "/dev/hpet",
 NULL,
 };
 #define DEVICE_PTY_MAJOR 136
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in
index 4235464530..51a7ad5892 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -63,7 +63,6 @@ module Test_libvirtd_qemu =
 { "8" = "/dev/kqemu" }
 { "9" = "/dev/rtc" }
 { "10" = "/dev/hpet" }
- { "11" = "/dev/sev" }
 }
 { "save_image_format" = "raw" }
 { "dump_image_format" = "raw" }
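Review bot: With `/dev/sev` dropped from `defaultDeviceACL` in src/qemu/qemu_cgroup.c, nothing visible in this diff allows the device for a domain that is actually configured for SEV, so such a guest would presumably be denied by the device cgroup unless a per-domain allow is added elsewhere; confirm that companion change lands together with this one. The array also carries no statement of its policy, and I would add `/* Devices every domain may open; feature-specific nodes such as /dev/sev are allowed per domain, not here. */` above the declaration, which sits outside the hunk (it appears only in the hunk header). Hosts whose qemu.conf sets an explicit `cgroup_device_acl` copied from the old commented default will keep exposing `/dev/sev` to every domain, since only the built-in list changes here, so this deserves a release-note line telling administrators to review their override.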