From 4cf3b3d335b83b5feb49e71775b6a8f1fddbbce9 Mon Sep 17 00:00:00 2001
Message-Id: <4cf3b3d335b83b5feb49e71775b6a8f1fddbbce9@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Mon, 1 Jul 2019 17:06:55 +0200
Subject: [PATCH] vircgroup: extract virCgroupV1(Allow|Deny)AllDevices
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
(cherry picked from commit fd9a0368b91c425f860115c0451067ee917574d1)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1689297
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Message-Id: <cec0c47305736e9da14175d4002509b5583e4ab0.1561993100.git.phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/util/vircgroup.c | 18 ++----------------
src/util/vircgroupbackend.h | 9 +++++++++
src/util/vircgroupv1.c | 31 +++++++++++++++++++++++++++++++
3 files changed, 42 insertions(+), 16 deletions(-)
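diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index a30fc6241d..67c68f3dc6 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -1822,10 +1822,7 @@ virCgroupGetCpusetCpus(virCgroupPtr group, char **cpus)
 int
 virCgroupDenyAllDevices(virCgroupPtr group)
 {
- return virCgroupSetValueStr(group,
- VIR_CGROUP_CONTROLLER_DEVICES,
- "devices.deny",
- "a");
+ VIR_CGROUP_BACKEND_CALL(group, denyAllDevices, -1);
 }
 
 /**
@@ -1845,18 +1842,7 @@ virCgroupDenyAllDevices(virCgroupPtr group)
 int
 virCgroupAllowAllDevices(virCgroupPtr group, int perms)
 {
- int ret = -1;
-
- if (virCgroupAllowDevice(group, 'b', -1, -1, perms) < 0)
- goto cleanup;
-
- if (virCgroupAllowDevice(group, 'c', -1, -1, perms) < 0)
- goto cleanup;
-
- ret = 0;
-
- cleanup:
- return ret;
+ VIR_CGROUP_BACKEND_CALL(group, allowAllDevices, -1, perms);
 }
 
 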
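Review bot: After this change virCgroupDenyAllDevices and virCgroupAllowAllDevices contain no visible `return`; the function exit is hidden inside `VIR_CGROUP_BACKEND_CALL`, whose definition is not part of this patch. virCgroupDenyAllDevices looks like the call that closes the device ACL, so its failure contract should be stated at the call site rather than left to the macro. A one-line comment above the macro call would do, for example `/* returns -1 from this function if the backend cannot deny all devices; callers must treat that as fatal */`. The same comment shape applies to the `allowAllDevices` call in the second hunk.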
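diff --git a/src/util/vircgroupbackend.h b/src/util/vircgroupbackend.h
index 04897b5895..436c83f6fa 100644
--- a/src/util/vircgroupbackend.h
+++ b/src/util/vircgroupbackend.h
@@ -269,6 +269,13 @@ typedef int
 int minor,
 int perms);
 
+typedef int
+(*virCgroupAllowAllDevicesCB)(virCgroupPtr group,
+ int perms);
+
+typedef int
+(*virCgroupDenyAllDevicesCB)(virCgroupPtr group);
+
 struct _virCgroupBackend {
 virCgroupBackendType type;
 
@@ -321,6 +328,8 @@ struct _virCgroupBackend {
 
 virCgroupAllowDeviceCB allowDevice;
 virCgroupDenyDeviceCB denyDevice;
+ virCgroupAllowAllDevicesCB allowAllDevices;
+ virCgroupDenyAllDevicesCB denyAllDevices;
 };
 typedef struct _virCgroupBackend virCgroupBackend;
 typedef virCgroupBackend *virCgroupBackendPtr;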
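Review bot: The new members `allowAllDevices` and `denyAllDevices` are appended to `struct _virCgroupBackend` with nothing saying whether a backend may leave them unset. This patch fills them in only for virCgroupV1Backend, so any other backend table built with designated initialisers would carry NULL pointers in these slots, and safety then depends on the dispatch code checking for NULL before the call (that code is not visible here). A comment on the two members would record the intent, for example `/* optional: NULL means the backend cannot switch the device ACL wholesale */`. The struct definition begins and continues outside both hunks.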
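diff --git a/src/util/vircgroupv1.c b/src/util/vircgroupv1.c
index 02cd7ab956..34393812d2 100644
--- a/src/util/vircgroupv1.c
+++ b/src/util/vircgroupv1.c
@@ -1737,6 +1737,35 @@ virCgroupV1DenyDevice(virCgroupPtr group,
 }
 
 
+static int
+virCgroupV1AllowAllDevices(virCgroupPtr group,
+ int perms)
+{
+ int ret = -1;
+
+ if (virCgroupV1AllowDevice(group, 'b', -1, -1, perms) < 0)
+ goto cleanup;
+
+ if (virCgroupV1AllowDevice(group, 'c', -1, -1, perms) < 0)
+ goto cleanup;
+
+ ret = 0;
+
+ cleanup:
+ return ret;
+}
+
+
+static int
+virCgroupV1DenyAllDevices(virCgroupPtr group)
+{
+ return virCgroupSetValueStr(group,
+ VIR_CGROUP_CONTROLLER_DEVICES,
+ "devices.deny",
+ "a");
+}
+
+
 virCgroupBackend virCgroupV1Backend = {
 .type = VIR_CGROUP_BACKEND_TYPE_V1,
 
@@ -1787,6 +1816,8 @@ virCgroupBackend virCgroupV1Backend = {
 
 .allowDevice = virCgroupV1AllowDevice,
 .denyDevice = virCgroupV1DenyDevice,
+ .allowAllDevices = virCgroupV1AllowAllDevices,
+ .denyAllDevices = virCgroupV1DenyAllDevices,
 };
 
 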
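Review bot: virCgroupV1AllowAllDevices returns -1 when the second call, `virCgroupV1AllowDevice(group, 'c', -1, -1, perms)`, fails, but by then the rule written by the first call for 'b' (apparently a wildcard over all block devices) has already been applied and is left in place. That is harmless only if every caller discards the cgroup on error, so the function should say so, e.g. `/* On failure the 'b' rule may already be applied; the caller must tear the group down. */`. Separately, the `ret`/`goto cleanup` scaffolding has nothing to release, so each check could simply `return -1;` and the function end with `return 0;`. Neither new static function has a header comment describing `perms` or the effect of writing "a" to `devices.deny`.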
--
2.22.0