Add usbdevice to libvirt by modifying cgroup

内容 隐藏
Just do it
Add fine control list
Review the rules to libvirt, and leave all the character device to it
About hierarchy

CGROUP means Control group.
In my case, usb-redir works fine while usb-host not.
https://www.kernel.org/doc/Documentation/cgroups/devices.txt

Just do it

# sed -i 's/devices /#devices /'
# reboot

Add fine control list

Review the rules to libvirt, and leave all the character device to it

# cgget libvirt
To remove "c" device
# echo c > /sys/fs/cgroup/libvirt/devices.deny
To add all the "c" devices
# echo "c *:* rwm" > /sys/fs/cgroup/libvirt/devices.allow

devices.deny/allow is something like end-point.

About hierarchy

A child will not have more permission than its parent.

发表回复

您的电子邮箱地址不会被公开。 必填项已用*标注