On Mon, Nov 7, 2016 at 1:20 PM, Daniel P. Berrange <berra...@redhat.com> wrote:
> So if libvirt creates a private mount namespace for each QEMU and mounts > a custom /dev there, this is invisible to udev, and thus udev won't/can't > mess with permissions we set in our private /dev. > > For hotplug, the libvirt QEMU would do the same as the libvirt LXC driver > currently does. It would fork and setns() into the QEMU mount namespace > and run mknod()+chmod() there, before doing the rest of its normal hotplug > logic. See lxcDomainAttachDeviceMknodHelper() for what LXC does. We try to migrate people away from using mknod and messing with /dev/ from user-space. For example, we had to deal with non-trivial problems wrt. mknod and Veritas storage stack in the past (most of these issues remain unsolved to date). I don't like to hear that you plan to get into /dev management business in libvirt too. I am judging based on past experiences, nevertheless, I don't like this plan. Also, managing separate mount namespace for each qemu process and forking helper that joins the namespace to do some work seems quite complex too. Michal _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
