On 11 November 2023 08:43:40 GMT-05:00, Andrew Cooper <andrew.coop...@citrix.com> wrote: >Furthermore, the control domain doesn't always have the domid of 0. > >If qemu wants/needs to make changes like this, the control domain has to >arrange for qemu's domain to have appropriate permissions on the nodes.
Right. And that's simple enough: if you are running QEMU in a domain which doesn't have permission to create the backend directory and/or the frontend nodes, don't ask it to *create* devices. In that case it is only able to connect as the backend for devices which were created *for* it by the toolstack. The criterion used in this patch series should be "did QEMU create this device, or discover it".
