Set mknod permission in device ACL for LXC USB devices

The LXC controller itself needs to mknod the USB device node in /dev/bus/usb, so we can't block mknod permission from the cgroup. Signed-off-by: N Daniel P. Berrange <berrange@redhat.com>

Set mknod permission in device ACL for LXC USB devices
The LXC controller itself needs to mknod the USB device node in /dev/bus/usb, so we can't block mknod permission from the cgroup. Signed-off-by: N Daniel P. Berrange <berrange@redhat.com>
916b147c · Daniel P. Berrange · a457fc65 · 916b147c
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

src/lxc/lxc_cgroup.c src/lxc/lxc_cgroup.c +2 -2

未找到文件。
--- a/src/lxc/lxc_cgroup.c
+++ b/src/lxc/lxc_cgroup.c
@@ -325,7 +325,7 @@ virLXCSetupHostUSBDeviceCgroup(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
    VIR_DEBUG("Process path '%s' for USB device", path);
    if (virCgroupAllowDevicePath(cgroup, path,
-                                 VIR_CGROUP_DEVICE_RW) < 0)
+                                 VIR_CGROUP_DEVICE_RWM) < 0)
        return -1;
    return 0;
@@ -341,7 +341,7 @@ virLXCTeardownHostUSBDeviceCgroup(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
    VIR_DEBUG("Process path '%s' for USB device", path);
    if (virCgroupDenyDevicePath(cgroup, path,
-                                VIR_CGROUP_DEVICE_RW) < 0)
+                                VIR_CGROUP_DEVICE_RWM) < 0)
        return -1;
    return 0;