Re: [Qemu-devel] [PATCH v3 for-1.7] rdma: rename 'x-rdma' => 'rdma'
From: Daniel P. Berrange
Subject: Re: [Qemu-devel] [PATCH v3 for-1.7] rdma: rename 'x-rdma' => 'rdma'
Date: Sat, 16 Nov 2013 10:32:45 +0000
User-agent: Mutt/1.5.21 (2010-09-15)

On Fri, Nov 15, 2013 at 12:25:30PM -0700, Eric Blake wrote:
> On 11/15/2013 10:40 AM, Michael R. Hines wrote:
> >
> > This is unrelated to RDMA - accessing the /dev/infiniband
> > device nodes is already supported by libvirt by modifying
> > the configuration file in /etc and that works just fine.
>
> http://wiki.qemu.org/Features/RDMALiveMigration states that you modify
> the .conf file to expose /dev/infiniband/rdma_cm and friends. Are all
> of these devices read/write accessible to non-root? Or is there going
> to be a problem if using user="qemu" group="qemu"? (That is, merely
> exposing the devices through cgroup device ACL checking may be
> insufficient if you can't access the devices when not running root/root).
>
> Libvirt can be patched so that the .conf file does not have to be edited
> (ie. change the defaults so that if cgroup_device_acl is not present in
> the conf file, the defaults could still let a domain access the
> /dev/infiniband devices).

There's also an SELinux question to deal with there. If multiple QEMUs
need concurrent access we can't do a selective grant of the device just
when migration is running - we would have to give all QEMUs access
all the time. This would be a case where doing FD passing of the
pre-opened devices might be a better option. It depends on what the
downsides are to giving QEMU access to the devices unconditionally.

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
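
The FD-passing option mentioned in the reply above, shown as an added example that is not part of the original message and is not libvirt or QEMU code: a manager opens the resource and hands the open descriptor over a UNIX socket with SCM_RIGHTS, so the receiver never opens the path itself. The function names are hypothetical, the temporary file is a constructed stand-in for a /dev/infiniband node, and the socketpair stands in for the manager-to-emulator channel.

```python
import array
import os
import socket
import tempfile


def send_fd(sock, fd):
    """Manager side: pass an already-open descriptor as SCM_RIGHTS data."""
    fds = array.array("i", [fd])
    sock.sendmsg([b"F"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS, fds.tobytes())])


def recv_fd(sock):
    """Emulator side: accept exactly one descriptor and nothing else."""
    fds = array.array("i")
    # Room for two ints so an unexpected extra descriptor is seen, not truncated.
    _, ancdata, flags, _ = sock.recvmsg(1, socket.CMSG_SPACE(2 * fds.itemsize))
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            fds.frombytes(data[: len(data) - len(data) % fds.itemsize])
    if len(fds) != 1 or flags & socket.MSG_CTRUNC:
        for extra in fds:
            os.close(extra)  # never keep descriptors we did not ask for
        raise OSError("expected exactly one passed descriptor")
    return fds[0]


def pass_preopened_device():
    """Return (path_still_exists, bytes read through the received descriptor)."""
    manager, emulator = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    fd, path = tempfile.mkstemp()  # constructed stand-in for a device node
    try:
        os.write(fd, b"stand-in device")
        send_fd(manager, fd)
    finally:
        os.close(fd)     # the manager's copy is no longer needed
        os.unlink(path)  # the receiver could not open this path now
    received = recv_fd(emulator)
    try:
        os.lseek(received, 0, os.SEEK_SET)  # offset is shared with the sender
        return os.path.exists(path), os.read(received, 64)
    finally:
        os.close(received)
        manager.close()
        emulator.close()


if __name__ == "__main__":
    print(pass_preopened_device())
```

The path is removed before the receiver reads, so the data it returns can only have come through the passed descriptor.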