From: Pradipta Kr. Banerjee <bpradip@in.ibm.com>
Date: Thu, 16 Jan 2014 13:41:17 +0000 (+0530)
Subject: Add hw random number generator (/dev/hwrng) to cgroup ACL
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=c6320d34637a9883e31c4081d418fc33a4277cf2;p=libvirt.git

Add hw random number generator (/dev/hwrng) to cgroup ACL

Creating a qemu VM with /dev/hwrng as backend RNG device throws the
following error - "Could not open '/dev/hwrng': Permission denied"
This patch fixes the issue

Signed-off-by: Pradipta Kr. Banerjee <bpradip@in.ibm.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
---

diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index bb99f7436e..de20f2d2a3 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -1,7 +1,7 @@
 /*
  * qemu_cgroup.c: QEMU cgroup management
  *
- * Copyright (C) 2006-2013 Red Hat, Inc.
+ * Copyright (C) 2006-2014 Red Hat, Inc.
  * Copyright (C) 2006 Daniel P. Berrange
  *
  * This library is free software; you can redistribute it and/or
@@ -553,6 +553,18 @@ qemuSetupDevicesCgroup(virQEMUDriverPtr driver,
             goto cleanup;
     }
 
+    if (vm->def->rng &&
+        (vm->def->rng->backend == VIR_DOMAIN_RNG_BACKEND_RANDOM)) {
+        VIR_DEBUG("Setting Cgroup ACL for RNG device");
+        rv = virCgroupAllowDevicePath(priv->cgroup, vm->def->rng->source.file,
+                                      VIR_CGROUP_DEVICE_RW);
+        virDomainAuditCgroupPath(vm, priv->cgroup, "allow",
+                                 vm->def->rng->source.file, "rw", rv == 0);
+        if (rv < 0 &&
+            !virLastErrorIsSystemErrno(ENOENT))
+            goto cleanup;
+    }
+
     ret = 0;
 cleanup:
     virObjectUnref(cfg);