Add usbdevice to libvirt by modifying cgroup

内容隐藏

2.1 Review the rules to libvirt, and leave all the character device to it

CGROUP means Control group.
In my case, usb-redir works fine while usb-host not.
https://www.kernel.org/doc/Documentation/cgroups/devices.txt

Just do it

# sed -i 's/devices /#devices /'
# reboot

1 2	# sed -i 's/devices /#devices /' # reboot

Add fine control list

Review the rules to libvirt, and leave all the character device to it

# cgget libvirt
To remove "c" device
# echo c > /sys/fs/cgroup/libvirt/devices.deny
To add all the "c" devices
# echo "c *:* rwm" > /sys/fs/cgroup/libvirt/devices.allow

# cgget libvirt

To remove "c" device

# echo c > /sys/fs/cgroup/libvirt/devices.deny

To add all the "c" devices

# echo "c *:* rwm" > /sys/fs/cgroup/libvirt/devices.allow

devices.deny/allow is something like end-point.

About hierarchy

A child will not have more permission than its parent.

Just do it

Add fine control list

Review the rules to libvirt, and leave all the character device to it

About hierarchy

发表评论 取消回复

发表评论取消回复