RE: udmabuf error with libvirt + QEMU

Tue, 01 Feb 2022 06:55:00 -0800 

Hi Daniel,

You're right , /dev/udmabuf is required for GTK display for GL support. I agree 
passing the device using qemu:arg breaks the security confinement of Libvirt. 
For our use-case we need to have the GL support, is there any way to specify 
the GTK display option in the Libvirt XML ? or any other alternatives?

Thanks,
Shiv

-----Original Message-----
From: Daniel P. Berrangé <berra...@redhat.com> 
Sent: Tuesday, February 1, 2022 8:11 PM
To: M, Shivakumar <shivakuma...@intel.com>
Cc: libvirt-users@redhat.com
Subject: Re: udmabuf error with libvirt + QEMU

On Tue, Feb 01, 2022 at 02:27:55PM +0000, M, Shivakumar wrote:
> Hi,
> 
> We are seeing an issue with udambuf, where it says "open /dev/udmabuf: No 
> such file or directory " even if the device exits. This issue particularly we 
> are seeing with libvirt. When we run the QEMU args on the command line, 
> everything works as expected.
> It seems to be some permission issue when we use the Libvirt, please help us 
> on resolving this.

When libvirt launches QEMU it puts in place a number of strict security 
protections. Libvirt will grant access on a per-file basis to resources on the 
host that QEMU should be allowed to access based on the device configuration in 
the XML.

In your case though you're using command line passthrough:

>   <qemu:commandline>
>     <qemu:arg value="-device"/>
>     <qemu:arg value="virtio-vga,blob=true"/>
>     <qemu:arg value="-display"/>
>     <qemu:arg value="gtk,gl=on"/>
>     <qemu:env name="DISPLAY" value=":1.0"/>
>   </qemu:commandline>

This is totally opaque to libvirt and so libvirt won't be granting access to 
any resources needed by these args. I'm assuming /dev/udmabuf is needed by the 
GTK display for GL support, or something along those lines.

For further information about your options please consult this page:

  https://libvirt.org/kbase/qemu-passthrough-security.html

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Reply via email to