Skip to content

Commit

Permalink
KVM: remove CAP_SYS_RAWIO requirement from kvm_vm_ioctl_assign_irq
Browse files Browse the repository at this point in the history 
Remove this check in an effort to allow kvm guests to run without
root privileges.  This capability check doesn't seem to add any
security since the device needs to have already been added via the
assign device ioctl and the io actually occurs through the pci
sysfs interface.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
  • Loading branch information
@awilliam @avikivity
awilliam authored and avikivity committed Aug 1, 2010
1 parent aad8270 commit 48bb09e
Showing 1 changed file with 0 additions and 3 deletions.
3 changes: 0 additions & 3 deletions virt/kvm/assigned-dev.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -448,9 +448,6 @@ static int kvm_vm_ioctl_assign_irq(struct kvm *kvm,
struct kvm_assigned_dev_kernel *match;
unsigned long host_irq_type, guest_irq_type;

if (!capable(CAP_SYS_RAWIO))
return -EPERM;

if (!irqchip_in_kernel(kvm))
return r;

Expand Down

0 comments on commit 48bb09e

Please sign in to comment.