[libvirt] [PATCH] Set mknod permission in device ACL for LXC USB devices
Michal Privoznik
mprivozn at redhat.com
Wed Apr 30 15:42:43 UTC 2014
On 30.04.2014 15:58, Daniel P. Berrange wrote:
> The LXC controller itself needs to mknod the USB device
> node in /dev/bus/usb, so we can't block mknod permission
> from the cgroup.
>
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> ---
> src/lxc/lxc_cgroup.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
> index 1ae3906..c641132 100644
> --- a/src/lxc/lxc_cgroup.c
> +++ b/src/lxc/lxc_cgroup.c
> @@ -325,7 +325,7 @@ virLXCSetupHostUSBDeviceCgroup(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
>
> VIR_DEBUG("Process path '%s' for USB device", path);
> if (virCgroupAllowDevicePath(cgroup, path,
> - VIR_CGROUP_DEVICE_RW) < 0)
> + VIR_CGROUP_DEVICE_RWM) < 0)
> return -1;
>
> return 0;
> @@ -341,7 +341,7 @@ virLXCTeardownHostUSBDeviceCgroup(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
>
> VIR_DEBUG("Process path '%s' for USB device", path);
> if (virCgroupDenyDevicePath(cgroup, path,
> - VIR_CGROUP_DEVICE_RW) < 0)
> + VIR_CGROUP_DEVICE_RWM) < 0)
> return -1;
>
> return 0;
>
ACK
Michal
More information about the libvir-list
mailing list