mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-25 01:34:11 +03:00
qemu: don't request cgroup ACL access for /dev/net/tun
Since libvirt always passes /dev/net/tun to qemu via fd, we should never trigger the cases where qemu tries to directly open the device. Therefore, it is safer to deny the cgroup device ACL. * src/qemu/qemu_cgroup.c (defaultDeviceACL): Remove /dev/net/tun. * src/qemu/qemu.conf (cgroup_device_acl): Reflect this change.
This commit is contained in:
parent
5d09151341
commit
c52cbe487c
@ -182,7 +182,7 @@
|
||||
# "/dev/null", "/dev/full", "/dev/zero",
|
||||
# "/dev/random", "/dev/urandom",
|
||||
# "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
|
||||
# "/dev/rtc", "/dev/hpet", "/dev/net/tun",
|
||||
# "/dev/rtc", "/dev/hpet",
|
||||
#]
|
||||
|
||||
|
||||
|
@ -37,7 +37,7 @@ static const char *const defaultDeviceACL[] = {
|
||||
"/dev/null", "/dev/full", "/dev/zero",
|
||||
"/dev/random", "/dev/urandom",
|
||||
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
|
||||
"/dev/rtc", "/dev/hpet", "/dev/net/tun",
|
||||
"/dev/rtc", "/dev/hpet",
|
||||
NULL,
|
||||
};
|
||||
#define DEVICE_PTY_MAJOR 136
|
||||
|
Loading…
Reference in New Issue
Block a user