KVM: remove CAP_SYS_RAWIO requirement from kvm_vm_ioctl_assign_irq

Remove this check in an effort to allow kvm guests to run without root privileges. This capability check doesn't seem to add any security since the device needs to have already been added via the assign device ioctl and the io actually occurs through the pci sysfs interface. Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

KVM: remove CAP_SYS_RAWIO requirement from kvm_vm_ioctl_assign_irq
Remove this check in an effort to allow kvm guests to run without root privileges. This capability check doesn't seem to add any security since the device needs to have already been added via the assign device ioctl and the io actually occurs through the pci sysfs interface. Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Alex Williamson · Avi Kivity
1 parent aad827034e
Showing 1 changed file with 0 additions and 3 deletions Side-by-side Diff
virt/kvm/assigned-dev.c
@@ -448,9 +448,6 @@
 	struct kvm_assigned_dev_kernel *match;
 	unsigned long host_irq_type, guest_irq_type;
  
-	if (!capable(CAP_SYS_RAWIO))
-		return -EPERM;
-
 	if (!irqchip_in_kernel(kvm))
 		return r;
...	...	@@ -448,9 +448,6 @@
448	448	struct kvm_assigned_dev_kernel *match;
449	449	unsigned long host_irq_type, guest_irq_type;
450	450
451		- if (!capable(CAP_SYS_RAWIO))
452		- return -EPERM;
453		-
454	451	if (!irqchip_in_kernel(kvm))
455	452	return r;
456	453