[libvirt] [PATCH v4 07/14] qemu_cgroup: Allow /dev/mapper/control for PR
Just like in previous commit, qemu-pr-helper might want to open
/dev/mapper/control under certain circumstances. Therefore we
have to allow it in cgroups.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_cgroup.c | 33 ++++++++++++++++++++++++++++++---
src/util/virdevmapper.c | 8 +++++++-
2 files changed, 37 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index d88eb7881f..546a4c8e63 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -114,6 +114,8 @@ qemuSetupImagePathCgroup(virDomainObjPtr vm,
}
+#define DEVICE_MAPPER_CONTROL_PATH "/dev/mapper/control"
+
static int
qemuSetupImageCgroupInternal(virDomainObjPtr vm,
virStorageSourcePtr src,
@@ -125,6 +127,10 @@ qemuSetupImageCgroupInternal(virDomainObjPtr vm,
return 0;
}
+ if (virStoragePRDefIsManaged(src->pr) &&
+ qemuSetupImagePathCgroup(vm, DEVICE_MAPPER_CONTROL_PATH, false) < 0)
+ return -1;
+
return qemuSetupImagePathCgroup(vm, src->path, src->readonly ||
forceReadonly);
}
@@ -142,9 +148,8 @@ qemuTeardownImageCgroup(virDomainObjPtr vm,
virStorageSourcePtr src)
{
qemuDomainObjPrivatePtr priv = vm->privateData;
- int perms = VIR_CGROUP_DEVICE_READ |
- VIR_CGROUP_DEVICE_WRITE |
- VIR_CGROUP_DEVICE_MKNOD;
+ int perms = VIR_CGROUP_DEVICE_RWM;
+ size_t i;
int ret;
if (!virCgroupHasController(priv->cgroup,
@@ -157,6 +162,28 @@ qemuTeardownImageCgroup(virDomainObjPtr vm,
return 0;
}
+ for (i = 0; i < vm->def->ndisks; i++) {
+ virStorageSourcePtr diskSrc = vm->def->disks[i]->src;
+
+ if (src == diskSrc)
+ continue;
+
+ if (virStoragePRDefIsManaged(diskSrc->pr))
+ break;
+ }
+
+ if (i == vm->def->ndisks) {
+ VIR_DEBUG("Disabling device mapper control");
+ ret = virCgroupDenyDevicePath(priv->cgroup,
+ DEVICE_MAPPER_CONTROL_PATH, perms, true);
+ virDomainAuditCgroupPath(vm, priv->cgroup, "deny",
+ DEVICE_MAPPER_CONTROL_PATH,
+ virCgroupGetDevicePermsString(perms), ret);
+ if (ret < 0)
+ return ret;
+ }
+
+
VIR_DEBUG("Deny path %s", src->path);
ret = virCgroupDenyDevicePath(priv->cgroup, src->path, perms, true);
diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c
index d2c25af003..ef4b1e480a 100644
--- a/src/util/virdevmapper.c
+++ b/src/util/virdevmapper.c
@@ -101,8 +101,14 @@ virDevMapperGetTargetsImpl(const char *path,
dm_task_no_open_count(dmt);
- if (!dm_task_run(dmt))
+ if (!dm_task_run(dmt)) {
+ if (errno == ENXIO) {
+ /* In some cases devmapper realizes this late device
+ * is not managed by it. */
+ ret = 0;
+ }
goto cleanup;
+ }
if (!dm_task_get_info(dmt, &info))
goto cleanup;
--
2.16.1