From ab5ba57012e9e6ab4f55afdeecd1813dd3ca916b Mon Sep 17 00:00:00 2001
From: Paolo Bonzini
Date: Tue, 19 May 2020 01:06:59 +0200
Subject: [PATCH] qemu: do not allow /dev/rtc or /dev/hpet access via the devices cgroup

The RTC and HPET modes for the QEMU emulation tick have been dropped almost 9 years ago, in commit 25f3151ece1d5881826232bebccc21b588d4e03e. Do not allow them in the devices cgroup policy.

Signed-off-by: Paolo Bonzini
Reviewed-by: Michal Privoznik
---
 docs/drvqemu.html.in | 1 -
 src/qemu/qemu.conf | 1 -
 src/qemu/qemu_cgroup.c | 1 -
 src/qemu/test_libvirtd_qemu.aug.in | 2 --
 4 files changed, 5 deletions(-)

diff --git a/docs/drvqemu.html.in b/docs/drvqemu.html.in
index afc4ddf56d..b6d731bb59 100644
--- a/docs/drvqemu.html.in
+++ b/docs/drvqemu.html.in
@@ -484,7 +484,6 @@ chmod o+x /path/to/directory
 /dev/null, /dev/full, /dev/zero,
 /dev/random, /dev/urandom,
 /dev/ptmx, /dev/kvm,
-/dev/rtc, /dev/hpet

diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index abdbf07fec..d7a3f40e78 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -495,7 +495,6 @@
 # "/dev/null", "/dev/full", "/dev/zero",
 # "/dev/random", "/dev/urandom",
 # "/dev/ptmx", "/dev/kvm",
-# "/dev/rtc","/dev/hpet"
 #]
 #
 # RDMA migration requires the following extra files to be added to the list:
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 2e019b64af..d92202f847 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -47,7 +47,6 @@ const char *const defaultDeviceACL[] = {
 "/dev/null", "/dev/full", "/dev/zero",
 "/dev/random", "/dev/urandom",
 "/dev/ptmx", "/dev/kvm",
- "/dev/rtc", "/dev/hpet",
 NULL,
 };
 #define DEVICE_PTY_MAJOR 136
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in
index 19da591aae..e533b9f551 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -61,8 +61,6 @@ module Test_libvirtd_qemu =
 { "5" = "/dev/urandom" }
 { "6" = "/dev/ptmx" }
 { "7" = "/dev/kvm" }
- { "8" = "/dev/rtc" }
- { "9" = "/dev/hpet" }
 }
 { "save_image_format" = "raw" }
 { "dump_image_format" = "raw" }
-- 
GitLab