From: Paolo Bonzini
To: libvir-list@redhat.com
Subject: [PATCH] qemu: do not allow /dev/rtc or /dev/hpet access via the devices cgroup
Date: Tue, 19 May 2020 01:06:59 +0200
Message-Id: <20200518230659.24510-1-pbonzini@redhat.com>

The RTC and HPET modes for the QEMU emulation tick have been dropped almost 9 years ago, in commit 25f3151ece1d5881826232bebccc21b588d4e03e. Do not allow them in the devices cgroup policy.

Signed-off-by: Paolo Bonzini
Reviewed-by: Michal Privoznik
--- docs/drvqemu.html.in | 1 - src/qemu/qemu.conf | 1 - src/qemu/qemu_cgroup.c | 1 - src/qemu/test_libvirtd_qemu.aug.in | 2 -- 4 files changed, 5 deletions(-) diff --git a/docs/drvqemu.html.in b/docs/drvqemu.html.in index afc4ddf56d..b6d731bb59 100644 --- a/docs/drvqemu.html.in +++ b/docs/drvqemu.html.in @@ -484,7 +484,6 @@ chmod o+x /path/to/directory /dev/null, /dev/full, /dev/zero, /dev/random, /dev/urandom, /dev/ptmx, /dev/kvm, -/dev/rtc, /dev/hpet =20

diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index abdbf07fec..d7a3f40e78 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf @@ -495,7 +495,6 @@ # "/dev/null", "/dev/full", "/dev/zero", # "/dev/random", "/dev/urandom", # "/dev/ptmx", "/dev/kvm", -# "/dev/rtc","/dev/hpet" #] # # RDMA migration requires the following extra files to be added to the lis= t: diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 2e019b64af..d92202f847 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -47,7 +47,6 @@ const char *const defaultDeviceACL[] =3D { "/dev/null", "/dev/full", "/dev/zero", "/dev/random", "/dev/urandom", "/dev/ptmx", "/dev/kvm", - "/dev/rtc", "/dev/hpet", NULL, }; #define DEVICE_PTY_MAJOR 136 diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qe= mu.aug.in index 19da591aae..e533b9f551 100644 --- a/src/qemu/test_libvirtd_qemu.aug.in +++ b/src/qemu/test_libvirtd_qemu.aug.in @@ -61,8 +61,6 @@ module Test_libvirtd_qemu =3D { "5" =3D "/dev/urandom" } { "6" =3D "/dev/ptmx" } { "7" =3D "/dev/kvm" } - { "8" =3D "/dev/rtc" } - { "9" =3D "/dev/hpet" } } { "save_image_format" =3D "raw" } { "dump_image_format" =3D "raw" } --=20 2.25.4
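
Review bot: In the docs/drvqemu.html.in hunk (@@ -484,7 +484,6), the documented list now stops at "/dev/ptmx, /dev/kvm," with a dangling comma, because the removed line was the one that ended the list. Drop the comma after /dev/kvm so the documented default ACL reads as a complete list.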
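
Review bot: In the src/qemu/qemu.conf hunk (@@ -495,7 +495,6), the commented example array is left with a trailing comma on the "/dev/ptmx", "/dev/kvm", line directly before the closing #]. Whether the configuration parser tolerates a trailing comma is not visible from this diff, so remove it to keep the sample safe to uncomment as written and identical, entry for entry, to the array in qemu_cgroup.c.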
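
Review bot: The removal of "/dev/rtc" and "/dev/hpet" from defaultDeviceACL in src/qemu/qemu_cgroup.c (@@ -47,7 +47,6) changes the default devices cgroup policy, yet none of the four files in the diffstat is a release note. The commit message cites only the QEMU commit that dropped the RTC and HPET tick modes; please also state that every QEMU version libvirt still supports postdates that commit, and add a release-note line telling administrators who copied the old list into their own configuration that the two entries can be removed there too, since an explicit list would keep granting access to both devices.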