qemu: do not allow /dev/rtc or /dev/hpet access via the devices cgroup

The RTC and HPET modes for the QEMU emulation tick have been dropped almost 9 years ago, in commit 25f3151ece1d5881826232bebccc21b588d4e03e. Do not allow them in the devices cgroup policy. Signed-off-by: N Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: N Michal Privoznik <mprivozn@redhat.com>

qemu: do not allow /dev/rtc or /dev/hpet access via the devices cgroup
The RTC and HPET modes for the QEMU emulation tick have been dropped almost 9 years ago, in commit 25f3151ece1d5881826232bebccc21b588d4e03e. Do not allow them in the devices cgroup policy. Signed-off-by: N Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: N Michal Privoznik <mprivozn@redhat.com>
ab5ba570 · Paolo Bonzini · Michal Privoznik · c0e04c2e · ab5ba570 · ab5ba570
4 changed file
--- a/docs/drvqemu.html.in
+++ b/docs/drvqemu.html.in
@@ -484,7 +484,6 @@ chmod o+x /path/to/directory
 /dev/null, /dev/full, /dev/zero,
 /dev/random, /dev/urandom,
 /dev/ptmx, /dev/kvm,
-/dev/rtc, /dev/hpet
 </pre>

    <p>

--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -495,7 +495,6 @@
 #    "/dev/null", "/dev/full", "/dev/zero",
 #    "/dev/random", "/dev/urandom",
 #    "/dev/ptmx", "/dev/kvm",
-#    "/dev/rtc","/dev/hpet"
 #]
 #
 # RDMA migration requires the following extra files to be added to the list:

--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -47,7 +47,6 @@ const char *const defaultDeviceACL[] = {
    "/dev/null", "/dev/full", "/dev/zero",
    "/dev/random", "/dev/urandom",
    "/dev/ptmx", "/dev/kvm",
-    "/dev/rtc", "/dev/hpet",
    NULL,
 };
 #define DEVICE_PTY_MAJOR 136

--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -61,8 +61,6 @@ module Test_libvirtd_qemu =
    { "5" = "/dev/urandom" }
    { "6" = "/dev/ptmx" }
    { "7" = "/dev/kvm" }
-    { "8" = "/dev/rtc" }
-    { "9" = "/dev/hpet" }
 }
 { "save_image_format" = "raw" }
 { "dump_image_format" = "raw" }