[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 7/7] qemu: Allow /dev/dri/render* for virgl domains

On 16.02.2017 13:47, Marc-André Lureau wrote:
> Hi
> On Fri, Feb 10, 2017 at 6:57 PM Michal Privoznik <mprivozn redhat com>
> wrote:
>> When enabling virgl, qemu opens /dev/dri/render*. So far, we are
>> not allowing that in devices cgroup nor creating the file in
>> domain's namespace and thus requiring users to set the paths in
>> qemu.conf. This, however, is suboptimal as it allows access to
>> ALL qemu processes even those which don't have virgl configured.
>> Signed-off-by: Michal Privoznik <mprivozn redhat com>
> Thanks, but that doesn't work :)
> You should loop over the spice/gl graphics nodes (virtio accel3d is not
> actually using 3d, as of today, if the graphics configuration/layer doesn't
> provide it)
> See also Ján Tomko "qemu_cgroup: allow access to /dev/dri/render*" patch,
> which use to work.
> After my series "[PATCH 0/5] Add rendernode selection support", it will
> further have to narrow the path allowed to the specified rendernode. This
> can be done in my series or yours, depending on applied order.

Correct, I've pushed your patches on Friday so now I'll work on allowing
selected render node in cgroup. BTW: what about /dev/dri/card0 and
/dev/dri/controlD4 - do they need to be allowed in devices CGroup too?

BTW: I've merged patches 1-6/7 since you reviewed them.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]