From bc1b2df16f9ac41a8334feeda89dddd8d2b63ed0 Mon Sep 17 00:00:00 2001
Message-Id: <bc1b2df16f9ac41a8334feeda89dddd8d2b63ed0@dist-git>
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Tue, 18 Feb 2014 15:45:31 -0700
Subject: [PATCH] Don't block use of USB with containers

https://bugzilla.redhat.com/show_bug.cgi?id=1045643
prereq of CVE-2013-6456

virDomainDefCompatibleDevice blocks use of USB if no USB
controller is present. This is not correct for containers
since devices can be assigned directly regardless of any
controllers.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 7a44af963ef75c487f874bc91613ad45e5b167e9)
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
 src/conf/domain_conf.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 6359805..9536250 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -17356,6 +17356,7 @@ virDomainDefCompatibleDevice(virDomainDefPtr def,
                              virDomainDeviceDefPtr dev)
 {
     if (!virDomainDefHasUSB(def) &&
+        STRNEQ(def->os.type, "exe") &&
         virDomainDeviceIsUSB(dev)) {
         virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                        _("Device configuration is not compatible: "
-- 
1.9.0