#cgroup_device_acl = [
# "/dev/null", "/dev/full", "/dev/zero",
# "/dev/random", "/dev/urandom",
-# "/dev/ptmx", "/dev/kvm",
-# "/dev/userfaultfd"
+# "/dev/ptmx", "/dev/userfaultfd"
#]
#
# RDMA migration requires the following extra files to be added to the list:
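Review bot: The commented default list drops "/dev/kvm", but the surrounding comment never says that KVM domains still receive it, so an administrator auditing device access from this file would conclude that guests have no path to /dev/kvm. A short note after the list would keep the documented default honest, for example `# /dev/kvm is not listed here; it is allowed automatically for domains of type kvm.` The exact wording should match whatever behaviour is chosen for a custom cgroup_device_acl, which the cgroup and namespace hunks of this commit appear to treat differently.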
const char *const defaultDeviceACL[] = {
"/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
- "/dev/ptmx", "/dev/kvm",
- "/dev/userfaultfd",
+ "/dev/ptmx", "/dev/userfaultfd",
NULL,
};
#define DEVICE_PTY_MAJOR 136
if (qemuCgroupAllowDevicesPaths(vm, deviceACL, VIR_CGROUP_DEVICE_RW, false) < 0)
return -1;
+ if (vm->def->virtType == VIR_DOMAIN_VIRT_KVM) {
+ /* KVM requires access to /dev/kvm */
+ if (qemuCgroupAllowDevicePath(vm, QEMU_DEV_KVM, VIR_CGROUP_DEVICE_RW,
+ false) < 0)
+ return -1;
+ }
+
if (qemuSetupFirmwareCgroup(vm) < 0)
return -1;
#define QEMU_DEV_SGX_PROVISION "/dev/sgx_provision"
#define QEMU_DEVICE_MAPPER_CONTROL_PATH "/dev/mapper/control"
#define QEMU_DEV_UDMABUF "/dev/udmabuf"
+#define QEMU_DEV_KVM "/dev/kvm"
#define QEMU_DOMAIN_AES_IV_LEN 16 /* 16 bytes for 128 bit random */
static int
qemuDomainPopulateDevices(virQEMUDriverConfig *cfg,
+ virDomainObj *vm,
GSList **paths)
{
const char *const *devices = (const char *const *) cfg->cgroupDeviceACL;
size_t i;
- if (!devices)
+ if (!devices) {
devices = defaultDeviceACL;
+ if (vm->def->virtType == VIR_DOMAIN_VIRT_KVM) {
+ *paths = g_slist_prepend(*paths, g_strdup(QEMU_DEV_KVM));
+ }
+ }
+
for (i = 0; devices[i]; i++) {
*paths = g_slist_prepend(*paths, g_strdup(devices[i]));
}
return 0;
}
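Review bot: The /dev/kvm entry is prepended only inside the `if (!devices)` branch, so a domain whose config sets a custom cgroup_device_acl never gets the node in its namespace. The cgroup hunk's `qemuCgroupAllowDevicePath(vm, QEMU_DEV_KVM, ...)` call, by contrast, appears to run for every KVM domain regardless of where the ACL came from. An ACL copied from the new commented default in qemu.conf would therefore presumably leave a KVM guest with cgroup permission but no /dev/kvm device node, and the two enforcement layers would disagree about what the guest may open. Moving the check out of the branch makes them agree: `if (vm->def->virtType == VIR_DOMAIN_VIRT_KVM) *paths = g_slist_prepend(*paths, g_strdup(QEMU_DEV_KVM));` placed after the `if (!devices)` block. If a custom ACL that already lists /dev/kvm would then yield a duplicate entry, it is worth confirming that the consumer of `paths` tolerates this.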
- if (qemuDomainPopulateDevices(cfg, &paths) < 0)
+ if (qemuDomainPopulateDevices(cfg, vm, &paths) < 0)
return -1;
if (qemuDomainSetupAllDisks(vm, &paths) < 0)
{ "4" = "/dev/random" }
{ "5" = "/dev/urandom" }
{ "6" = "/dev/ptmx" }
- { "7" = "/dev/kvm" }
- { "8" = "/dev/userfaultfd" }
+ { "7" = "/dev/userfaultfd" }
}
{ "save_image_format" = "raw" }
{ "dump_image_format" = "raw" }