On 11/11/2023 8:18 pm, David Woodhouse wrote: > On 11 November 2023 08:43:40 GMT-05:00, Andrew Cooper > <andrew.coop...@citrix.com> wrote: >> Furthermore, the control domain doesn't always have the domid of 0. >> >> If qemu wants/needs to make changes like this, the control domain has to >> arrange for qemu's domain to have appropriate permissions on the nodes. > Right. And that's simple enough: if you are running QEMU in a domain which > doesn't have permission to create the backend directory and/or the frontend > nodes, don't ask it to *create* devices. In that case it is only able to > connect as the backend for devices which were created *for* it by the > toolstack. > > The criterion used in this patch series should be "did QEMU create this > device, or discover it". >
Yeah, that sounds like the right approach. ~Andrew
