Overview

File b6440119-qemu-conf-sev.patch of Package libvirt.11425

commit b6440119185a4e307654a8d26d6d551a2675bf82
Author: Erik Skultety <eskultet@redhat.com>
Date:   Mon Jan 21 14:48:02 2019 +0100

    qemu: conf: Remove /dev/sev from the default cgroup device acl list
    
    We should not give domains access to something they don't necessarily
    need by default. Remove it from the qemu driver docs too.
    
    Signed-off-by: Erik Skultety <eskultet@redhat.com>
    Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

Index: libvirt-4.0.0/docs/drvqemu.html.in
===================================================================
--- libvirt-4.0.0.orig/docs/drvqemu.html.in
+++ libvirt-4.0.0/docs/drvqemu.html.in
@@ -396,8 +396,7 @@ chmod o+x /path/to/directory
 /dev/null, /dev/full, /dev/zero,
 /dev/random, /dev/urandom,
 /dev/ptmx, /dev/kvm, /dev/kqemu,
-/dev/rtc, /dev/hpet, /dev/net/tun,
-/dev/sev
+/dev/rtc, /dev/hpet, /dev/net/tun
 </pre>
 
     <p>
Index: libvirt-4.0.0/src/qemu/qemu.conf
===================================================================
--- libvirt-4.0.0.orig/src/qemu/qemu.conf
+++ libvirt-4.0.0/src/qemu/qemu.conf
@@ -451,7 +451,7 @@
 #    "/dev/null", "/dev/full", "/dev/zero",
 #    "/dev/random", "/dev/urandom",
 #    "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
-#    "/dev/rtc","/dev/hpet", "/dev/sev"
+#    "/dev/rtc","/dev/hpet"
 #]
 #
 # RDMA migration requires the following extra files to be added to the list:
Index: libvirt-4.0.0/src/qemu/qemu_cgroup.c
===================================================================
--- libvirt-4.0.0.orig/src/qemu/qemu_cgroup.c
+++ libvirt-4.0.0/src/qemu/qemu_cgroup.c
@@ -46,7 +46,7 @@ const char *const defaultDeviceACL[] = {
     "/dev/null", "/dev/full", "/dev/zero",
     "/dev/random", "/dev/urandom",
     "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
-    "/dev/rtc", "/dev/hpet", "/dev/sev",
+    "/dev/rtc", "/dev/hpet",
     NULL,
 };
 #define DEVICE_PTY_MAJOR 136
Index: libvirt-4.0.0/src/qemu/test_libvirtd_qemu.aug.in
===================================================================
--- libvirt-4.0.0.orig/src/qemu/test_libvirtd_qemu.aug.in
+++ libvirt-4.0.0/src/qemu/test_libvirtd_qemu.aug.in
@@ -60,7 +60,6 @@ module Test_libvirtd_qemu =
     { "8" = "/dev/kqemu" }
     { "9" = "/dev/rtc" }
     { "10" = "/dev/hpet" }
-    { "11" = "/dev/sev" }
 }
 { "save_image_format" = "raw" }
 { "dump_image_format" = "raw" }
openSUSE Build Service is sponsored by
Places