[libvirt] [PATCH 11/17] util: Introduce libvirt_udevhelper

Jiri Denemark jdenemar at redhat.com
Thu Oct 27 06:37:02 UTC 2016


On Wed, Oct 26, 2016 at 17:39:35 +0200, Daniel P. Berrange wrote:
> On Wed, Oct 26, 2016 at 02:36:58PM +0200, Michal Privoznik wrote:
> > This is a small helper intended to be run by udev. On its input
> > (either as the only command line argument or in DEVNODE
> > environment vairable) it is given a device and on the output it
> > will either put nothing (meaning the device is not used by any of
> > the libvirt domains), or it will print out security labels in the
> > following form:
> > 
> >   UID GID SELABEL
> 
> How is this intended to be actually used ? ie what udev rule are
> you creating along with this ?

Yeah, the rule should really be part of this series.

> IMHO we just want the helper to indicate that udev should not do
> anything to the device - we should not need udev to ever set labels
> itself as libvirt has already set them - we just don't want udev to
> remove them. IOW, I don't see the need to print out this info at all.

That would be nice, but unfortunately there's no way to tell udev not to
touch a specific device (I discussed this stuff with Michal Sekletar).
Other udev rules might have already set UID/GID/SELABEL for the device
and we can only change it to contain the required content; we can't
reset them to "don't change any of these".

And if you were thinking that our rule could be the first rule called on
each device (rather than the last one), there's no way to tell udev to
just skip all other rules and ignore the device. It will run through all
rules and they were set their own UID/GID/SELABEL as they wish.

Jirka




More information about the libvir-list mailing list