日期: 2013-10-31

分类: ['cloud-infra']

CGROUP means Control group. In my case, usb-redir works fine while usb-host not. https://www.kernel.org/doc/Documentation/cgroups/devices.txt

Just do it

# sed -i 's/devices /#devices /'

reboot

Add fine control list

Review the rules to libvirt, and leave all the character device to it

# cgget libvirt To remove "c" device

echo c > /sys/fs/cgroup/libvirt/devices.deny

To add all the "c" devices

echo "c *:* rwm" > /sys/fs/cgroup/libvirt/devices.allow

devices.deny/allow is something like end-point.

About hierarchy

A child will not have more permission than its parent.