[PATCH] qemu: do not allow /dev/rtc or /dev/hpet access via the devices cgroup
Daniel P. Berrangé
berrange at redhat.com
Tue May 19 08:55:07 UTC 2020
On Tue, May 19, 2020 at 10:10:54AM +0200, Michal Privoznik wrote:
> On 5/19/20 1:06 AM, Paolo Bonzini wrote:
> > The RTC and HPET modes for the QEMU emulation tick have been dropped almost 9 years
> > ago, in commit 25f3151ece1d5881826232bebccc21b588d4e03e. Do not allow them in the
>
> qemu.git $ git describe --tags 25f3151ece1d5881826232bebccc21b588d4e03e
> v0.14.0-rc0-1169-g25f3151ece
>
> and the minimum supported version is 1.5.0 so this is safe to merge from min
> version POV.
>
> > devices cgroup policy.
> >
> > Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
> > ---
> > docs/drvqemu.html.in | 1 -
> > src/qemu/qemu.conf | 1 -
> > src/qemu/qemu_cgroup.c | 1 -
> > src/qemu/test_libvirtd_qemu.aug.in | 2 --
> > 4 files changed, 5 deletions(-)
>
> It's not only QEMU that might use these but also a library that is linking
> with. However, quick strace showed no access to either of the files so:
>
> Reviewed-by: Michal Privoznik <mprivozn at redhat.com>
>
> And pushed.
This broke make check
https://ci.centos.org/view/libvirt/job/libvirt-check/systems=libvirt-fedora-32/1170/console
though I don't understand why as it looks like it removed all the
right pieces. I wonder if we had a bad dependancy in make rules
meaning we didn't regenerate
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvir-list
mailing list