From 3943bdd60c7ff1de00e73f66d907664b74a88a3f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Thu, 19 May 2016 09:29:17 +0200
Subject: [PATCH] qemu_cgroup: allow access to /dev/dri for virtio-vga

QEMU needs access to the /dev/dri/render* device for
virgl to work.

Allow access to all /dev/dri/* devices for domains with
<video>
  <model type='virtio' heads='1' primary='yes'>
    <acceleration accel3d='yes'/>
  </model>
</video>

https://bugzilla.redhat.com/show_bug.cgi?id=1337290
---
 src/qemu/qemu_cgroup.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 1e04a68e04..46634f4c29 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -51,6 +51,7 @@ static const char *const defaultDeviceACL[] = {
 };
 #define DEVICE_PTY_MAJOR 136
 #define DEVICE_SND_MAJOR 116
+#define DEVICE_DRI_MAJOR 226
 
 
 static int
@@ -626,6 +627,20 @@ qemuSetupDevicesCgroup(virQEMUDriverPtr driver,
             goto cleanup;
     }
 
+    if (vm->def->nvideos) {
+        /* currently libvirt only allows the primary video to be virtio */
+        virDomainVideoDefPtr vid = vm->def->videos[0];
+        if (vid->type == VIR_DOMAIN_VIDEO_TYPE_VIRTIO &&
+            vid->accel && vid->accel->accel3d == VIR_TRISTATE_BOOL_YES) {
+            rv = virCgroupAllowDevice(priv->cgroup, 'c', DEVICE_DRI_MAJOR, -1,
+                                      VIR_CGROUP_DEVICE_RW);
+            virDomainAuditCgroupMajor(vm, priv->cgroup, "allow", DEVICE_DRI_MAJOR,
+                                      "video", "rw", rv == 0);
+            if (rv < 0)
+                goto cleanup;
+        }
+    }
+
     for (i = 0; deviceACL[i] != NULL; i++) {
         if (!virFileExists(deviceACL[i])) {
             VIR_DEBUG("Ignoring non-existent device %s", deviceACL[i]);
-- 
GitLab