From d1242ba24a5ceb74c7ba21c6b2a44aaa1745fe79 Mon Sep 17 00:00:00 2001
From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 16 Feb 2016 16:26:01 +0100
Subject: [PATCH] qemu: cgroup: Setup cgroups for bios/firmware images

oVirt wants to use OVMF images on top of lvm for their 'logical'
storage thus we should set up device ACLs for them so it will actually
work.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1305922
---
 src/qemu/qemu_cgroup.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 9f2454557d..53642a1c4b 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -547,6 +547,25 @@ qemuSetupMemoryCgroup(virDomainObjPtr vm)
 }
 
 
+static int
+qemuSetupFirmwareCgroup(virDomainObjPtr vm)
+{
+    if (!vm->def->os.loader)
+        return 0;
+
+    if (vm->def->os.loader->path &&
+        qemuSetupImagePathCgroup(vm, vm->def->os.loader->path,
+                                 vm->def->os.loader->readonly == VIR_TRISTATE_BOOL_YES) < 0)
+        return -1;
+
+    if (vm->def->os.loader->nvram &&
+        qemuSetupImagePathCgroup(vm, vm->def->os.loader->nvram, false) < 0)
+        return -1;
+
+    return 0;
+}
+
+
 static int
 qemuSetupDevicesCgroup(virQEMUDriverPtr driver,
                        virDomainObjPtr vm)
@@ -573,6 +592,9 @@ qemuSetupDevicesCgroup(virQEMUDriverPtr driver,
         goto cleanup;
     }
 
+    if (qemuSetupFirmwareCgroup(vm) < 0)
+        goto cleanup;
+
     for (i = 0; i < vm->def->ndisks; i++) {
         if (qemuSetupDiskCgroup(vm, vm->def->disks[i]) < 0)
             goto cleanup;
-- 
2.39.5