Add hw random number generator (/dev/hwrng) to cgroup ACL

Creating a qemu VM with /dev/hwrng as backend RNG device throws the following error - "Could not open '/dev/hwrng': Permission denied" This patch fixes the issue Signed-off-by: Pradipta Kr. Banerjee <bpradip@in.ibm.com> Signed-off-by: Eric Blake <eblake@redhat.com>
2014-01-16 19:11:17 +05:30 · 2014-01-16 19:11:17 +05:30 · c6320d3463
parent 2636dc8c4d
commit c6320d3463
1 changed files with 13 additions and 1 deletions
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@ -1,7 +1,7 @@
 /*
 * qemu_cgroup.c: QEMU cgroup management
 *
- * Copyright (C) 2006-2013 Red Hat, Inc.
+ * Copyright (C) 2006-2014 Red Hat, Inc.
 * Copyright (C) 2006 Daniel P. Berrange
 *
 * This library is free software; you can redistribute it and/or
@ -553,6 +553,18 @@ qemuSetupDevicesCgroup(virQEMUDriverPtr driver,
            goto cleanup;
    }

+    if (vm->def->rng &&
+        (vm->def->rng->backend == VIR_DOMAIN_RNG_BACKEND_RANDOM)) {
+        VIR_DEBUG("Setting Cgroup ACL for RNG device");
+        rv = virCgroupAllowDevicePath(priv->cgroup, vm->def->rng->source.file,
+                                      VIR_CGROUP_DEVICE_RW);
+        virDomainAuditCgroupPath(vm, priv->cgroup, "allow",
+                                 vm->def->rng->source.file, "rw", rv == 0);
+        if (rv < 0 &&
+            !virLastErrorIsSystemErrno(ENOENT))
+            goto cleanup;
+    }
+
    ret = 0;
 cleanup:
    virObjectUnref(cfg);