libvirt/b6440119-qemu-conf-sev.patch
James Fehlig 3558b40b5b Accepting request 672885 from home:jfehlig:branches:Virtualization
- qemu: fix issues related to restricted permissions on /dev/sev
  b6440119-qemu-conf-sev.patch, a404ac34-qemu-cgroup-sev.patch,
  6fd4c8f8-qemu-domain-sev.patch, 17f6a257-security-dac-sev.patch,
  a2d3dea9-qemu-caps-dac-override-sev.patch
  bsc#1124842

OBS-URL: https://build.opensuse.org/request/show/672885
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=728
2019-02-08 22:26:33 +00:00


commit b6440119185a4e307654a8d26d6d551a2675bf82
Author: Erik Skultety <eskultet@redhat.com>
Date: Mon Jan 21 14:48:02 2019 +0100
qemu: conf: Remove /dev/sev from the default cgroup device acl list
We should not give domains access to something they don't necessarily
need by default. Remove it from the qemu driver docs too.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Index: libvirt-5.0.0/docs/drvqemu.html.in
===================================================================
--- libvirt-5.0.0.orig/docs/drvqemu.html.in
+++ libvirt-5.0.0/docs/drvqemu.html.in
@@ -396,8 +396,7 @@ chmod o+x /path/to/directory
/dev/null, /dev/full, /dev/zero,
/dev/random, /dev/urandom,
/dev/ptmx, /dev/kvm, /dev/kqemu,
-/dev/rtc, /dev/hpet, /dev/net/tun,
-/dev/sev
+/dev/rtc, /dev/hpet, /dev/net/tun
</pre>
<p>
Index: libvirt-5.0.0/src/qemu/qemu.conf
===================================================================
--- libvirt-5.0.0.orig/src/qemu/qemu.conf
+++ libvirt-5.0.0/src/qemu/qemu.conf
@@ -484,7 +484,7 @@
# "/dev/null", "/dev/full", "/dev/zero",
# "/dev/random", "/dev/urandom",
# "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
-# "/dev/rtc","/dev/hpet", "/dev/sev"
+# "/dev/rtc","/dev/hpet"
#]
#
# RDMA migration requires the following extra files to be added to the list:
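Review bot: The commented-out `cgroup_device_acl` example now drops "/dev/sev" without saying why, so an administrator who uncomments the list on an SEV host gets no hint that the device was removed on purpose. As far as I know an explicit `cgroup_device_acl` replaces the built-in default rather than extending it, so hosts that already copied the old example keep "/dev/sev" open to every domain after the upgrade; that deserves a release-note line. I would add a comment after the closing `#]`, for example `# /dev/sev is intentionally not listed; it should only be granted to guests that use SEV.` The comment block for this setting starts above the hunk.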
Index: libvirt-5.0.0/src/qemu/qemu_cgroup.c
===================================================================
--- libvirt-5.0.0.orig/src/qemu/qemu_cgroup.c
+++ libvirt-5.0.0/src/qemu/qemu_cgroup.c
@@ -46,7 +46,7 @@ const char *const defaultDeviceACL[] = {
"/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
- "/dev/rtc", "/dev/hpet", "/dev/sev",
+ "/dev/rtc", "/dev/hpet",
NULL,
};
#define DEVICE_PTY_MAJOR 136
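Review bot: With "/dev/sev" removed from `defaultDeviceACL`, nothing in this patch shows how a guest configured for SEV gets the device allowed in its cgroup, so on hosts with the devices controller enabled such guests would presumably fail to open it unless a companion change adds it per domain. The package changelog lists a404ac34-qemu-cgroup-sev.patch, which by its name probably does that, so the two should be applied and tested together. I would also document the intent above the array, for example `/* Devices every domain may access; feature-specific nodes such as /dev/sev are added per domain. */`. The array's declaration line is visible only in the hunk header.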
Index: libvirt-5.0.0/src/qemu/test_libvirtd_qemu.aug.in
===================================================================
--- libvirt-5.0.0.orig/src/qemu/test_libvirtd_qemu.aug.in
+++ libvirt-5.0.0/src/qemu/test_libvirtd_qemu.aug.in
@@ -62,7 +62,6 @@ module Test_libvirtd_qemu =
{ "8" = "/dev/kqemu" }
{ "9" = "/dev/rtc" }
{ "10" = "/dev/hpet" }
- { "11" = "/dev/sev" }
}
{ "save_image_format" = "raw" }
{ "dump_image_format" = "raw" }