6:29 a.m.
Cgroups code uses VIR_CGROUP_DEVICE_* flags to specify the mode but in
the end it needs to be converted to a string. Add a helper to do it and
use it in the cgroup code before introducing it into the rest of the
code.
---
src/libvirt_private.syms | 1 +
src/util/vircgroup.c | 62 +++++++++++++++++++++++++++++++++++-------------
src/util/vircgroup.h | 2 ++
3 files changed, 49 insertions(+), 16 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 9838dfa..0bc4853 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1058,6 +1058,7 @@ virCgroupGetCpuCfsQuota;
virCgroupGetCpusetCpus;
virCgroupGetCpusetMems;
virCgroupGetCpuShares;
+virCgroupGetDevicePermsString;
virCgroupGetDomainTotalCpuStats;
virCgroupGetFreezerState;
virCgroupGetMemoryHardLimit;
diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index c578bd0..2eaf265 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -2624,6 +2624,44 @@ virCgroupDenyAllDevices(virCgroupPtr group)
/**
+ * virCgroupGetDevicePermsString:
+ *
+ * @perms: Bitwise or of VIR_CGROUP_DEVICE permission bits
+ *
+ * Returns string corresponding to the appropriate bits set.
+ */
+const char *
+virCgroupGetDevicePermsString(int perms)
+{
+ if (perms & VIR_CGROUP_DEVICE_READ) {
+ if (perms & VIR_CGROUP_DEVICE_WRITE) {
+ if (perms & VIR_CGROUP_DEVICE_MKNOD)
+ return "rwm";
+ else
+ return "rw";
+ } else {
+ if (perms & VIR_CGROUP_DEVICE_MKNOD)
+ return "rm";
+ else
+ return "r";
+ }
+ } else {
+ if (perms & VIR_CGROUP_DEVICE_WRITE) {
+ if (perms & VIR_CGROUP_DEVICE_MKNOD)
+ return "wm";
+ else
+ return "w";
+ } else {
+ if (perms & VIR_CGROUP_DEVICE_MKNOD)
+ return "m";
+ else
+ return "";
+ }
+ }
+}
+
+
+/**
* virCgroupAllowDevice:
*
* @group: The cgroup to allow a device for
@@ -2641,10 +2679,8 @@ virCgroupAllowDevice(virCgroupPtr group, char type, int major, int
minor,
int ret = -1;
char *devstr = NULL;
- if (virAsprintf(&devstr, "%c %i:%i %s%s%s", type, major, minor,
- perms & VIR_CGROUP_DEVICE_READ ? "r" : "",
- perms & VIR_CGROUP_DEVICE_WRITE ? "w" : "",
- perms & VIR_CGROUP_DEVICE_MKNOD ? "m" : "")
< 0)
+ if (virAsprintf(&devstr, "%c %i:%i %s", type, major, minor,
+ virCgroupGetDevicePermsString(perms)) < 0)
goto cleanup;
if (virCgroupSetValueStr(group,
@@ -2678,10 +2714,8 @@ virCgroupAllowDeviceMajor(virCgroupPtr group, char type, int
major,
int ret = -1;
char *devstr = NULL;
- if (virAsprintf(&devstr, "%c %i:* %s%s%s", type, major,
- perms & VIR_CGROUP_DEVICE_READ ? "r" : "",
- perms & VIR_CGROUP_DEVICE_WRITE ? "w" : "",
- perms & VIR_CGROUP_DEVICE_MKNOD ? "m" : "")
< 0)
+ if (virAsprintf(&devstr, "%c %i:* %s", type, major,
+ virCgroupGetDevicePermsString(perms)) < 0)
goto cleanup;
if (virCgroupSetValueStr(group,
@@ -2752,10 +2786,8 @@ virCgroupDenyDevice(virCgroupPtr group, char type, int major, int
minor,
int ret = -1;
char *devstr = NULL;
- if (virAsprintf(&devstr, "%c %i:%i %s%s%s", type, major, minor,
- perms & VIR_CGROUP_DEVICE_READ ? "r" : "",
- perms & VIR_CGROUP_DEVICE_WRITE ? "w" : "",
- perms & VIR_CGROUP_DEVICE_MKNOD ? "m" : "")
< 0)
+ if (virAsprintf(&devstr, "%c %i:%i %s", type, major, minor,
+ virCgroupGetDevicePermsString(perms)) < 0)
goto cleanup;
if (virCgroupSetValueStr(group,
@@ -2789,10 +2821,8 @@ virCgroupDenyDeviceMajor(virCgroupPtr group, char type, int major,
int ret = -1;
char *devstr = NULL;
- if (virAsprintf(&devstr, "%c %i:* %s%s%s", type, major,
- perms & VIR_CGROUP_DEVICE_READ ? "r" : "",
- perms & VIR_CGROUP_DEVICE_WRITE ? "w" : "",
- perms & VIR_CGROUP_DEVICE_MKNOD ? "m" : "")
< 0)
+ if (virAsprintf(&devstr, "%c %i:* %s", type, major,
+ virCgroupGetDevicePermsString(perms)) < 0)
goto cleanup;
if (virCgroupSetValueStr(group,
diff --git a/src/util/vircgroup.h b/src/util/vircgroup.h
index 7bb46bf..3ab9f1c 100644
--- a/src/util/vircgroup.h
+++ b/src/util/vircgroup.h
@@ -173,6 +173,8 @@ enum {
VIR_CGROUP_DEVICE_RWM = VIR_CGROUP_DEVICE_RW | VIR_CGROUP_DEVICE_MKNOD,
};
+const char *virCgroupGetDevicePermsString(int perms);
+
int virCgroupDenyAllDevices(virCgroupPtr group);
int virCgroupAllowDevice(virCgroupPtr group,
--
1.9.3