On 3/17/21 5:45 AM, Melissa Nu?o wrote:> Hi all,
>
> I'm creating a device during the prepare hook, and would like to add it
> to the device.allow file for the VM. The cgroup doesn't exist during
the
> prepare hook or the start hook and will fail with an "Operation not
> permitted" error. I can add the expected path to qemu.conf and restart
> libvirtd, but this isn't very flexible since I'd have to do it for
each
> device for each VM I create. All of the other libvirt cgroups seem to
> allow all devices, so I'm not seeing where the VM cgroup is getting its
> initial list.
>
> Is there a way to access the cgroup for a VM before it has started? I
> can't even predict where it should be since it contains the domain ID.
>
We've already sorted this out through IRC, but for future reference, the
device in question was /dev/input device that was passed through via
qemu:arg.
Anything that's under qemu:arg is opaque to libvirt, it's not inspected
by libvirt in any way and thus if it happens to be a device that needs
to be allowed in CGroups, well bad luck. What should be used is proper
XML representation. If there is none, please do open an RFE as
documented in command line passhtrough:
https://libvirt.org/drvqemu.html#qemucommand
In this specific case, the following XML can be used:
<input type='passthrough' bus='virtio'>
<source evdev='/dev/input/XXX'/>
</input>
However, what might be missing is that currently libvirt does not
support 'grab_all=on,repeat=on'. But we should file an RFE for that.
Michal