Set mknod permission in device ACL for LXC USB devices

The LXC controller itself needs to mknod the USB device node in /dev/bus/usb, so we can't block mknod permission from the cgroup. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2025-02-21 19:02:25 +00:00 · 2014-04-30 14:57:51 +01:00 · 2014-04-30 14:57:51 +01:00 · 916b147cc8
commit 916b147cc8
parent a457fc6550
1 changed files with 2 additions and 2 deletions
--- a/src/lxc/lxc_cgroup.c
+++ b/src/lxc/lxc_cgroup.c
@ -325,7 +325,7 @@ virLXCSetupHostUSBDeviceCgroup(virUSBDevicePtr dev ATTRIBUTE_UNUSED,

    VIR_DEBUG("Process path '%s' for USB device", path);
    if (virCgroupAllowDevicePath(cgroup, path,
-                                 VIR_CGROUP_DEVICE_RW) < 0)
+                                 VIR_CGROUP_DEVICE_RWM) < 0)
        return -1;

    return 0;
@ -341,7 +341,7 @@ virLXCTeardownHostUSBDeviceCgroup(virUSBDevicePtr dev ATTRIBUTE_UNUSED,

    VIR_DEBUG("Process path '%s' for USB device", path);
    if (virCgroupDenyDevicePath(cgroup, path,
-                                VIR_CGROUP_DEVICE_RW) < 0)
+                                VIR_CGROUP_DEVICE_RWM) < 0)
        return -1;

    return 0;