[libvirt] [PATCH 0/7] qemu: Be more cautious about allowed devices

Michal Privoznik posted 7 patches 7 years, 1 month ago
Patches applied successfully
git fetch https://github.com/patchew-project/libvirt tags/patchew/cover.1486738487.git.mprivozn@redhat.com
Posted by Michal Privoznik 7 years, 1 month ago
As discussed here [1], it's unsafe to allow /dev/vfio/vfio to all the domains
(even those not doing PCI assignment). The same goes for /dev/dri/*.

1: https://www.redhat.com/archives/libvir-list/2017-February/msg00267.html

Michal Privoznik (7):
  qemu_cgroup: Kill qemuSetupHostUSBDeviceCgroup
  qemu_cgroup: Kill qemuSetupHostSCSIDeviceCgroup
  qemu_cgroup: Kill qemuSetupHostSCSIVHostDeviceCgroup
  qemuSetupHostdevCgroup: Use qemuDomainGetHostdevPath
  qemuDomainGetHostdevPath: Create /dev/vfio/vfio iff needed
  qemuDomainGetHostdevPath: Report /dev/vfio/vfio less frequently
  qemu: Allow /dev/dri/render* for virgl domains

 src/qemu/qemu.conf                 |   2 +-
 src/qemu/qemu_cgroup.c             | 311 +++++++++++--------------------------
 src/qemu/qemu_domain.c             | 207 ++++++++++++++++++++----
 src/qemu/qemu_domain.h             |   7 +
 src/qemu/test_libvirtd_qemu.aug.in |   1 -
 5 files changed, 274 insertions(+), 254 deletions(-)

-- 
2.11.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list