Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
src/util/vircgroup.c | 68 +++++++-----------------------------
src/util/vircgroupbackend.h | 17 +++++++++
src/util/vircgroupv1.c | 69 +++++++++++++++++++++++++++++++++++++
3 files changed, 98 insertions(+), 56 deletions(-)
diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index 38a30b759f..8a54437dfa 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -1877,29 +1877,7 @@ int
virCgroupAllowDevice(virCgroupPtr group, char type, int major, int minor,
int perms)
{
- VIR_AUTOFREE(char *) devstr = NULL;
- VIR_AUTOFREE(char *) majorstr = NULL;
- VIR_AUTOFREE(char *) minorstr = NULL;
-
- if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||
- (major >= 0 && virAsprintf(&majorstr, "%i", major) <
0))
- return -1;
-
- if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||
- (minor >= 0 && virAsprintf(&minorstr, "%i", minor) <
0))
- return -1;
-
- if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,
- virCgroupGetDevicePermsString(perms)) < 0)
- return -1;
-
- if (virCgroupSetValueStr(group,
- VIR_CGROUP_CONTROLLER_DEVICES,
- "devices.allow",
- devstr) < 0)
- return -1;
-
- return 0;
+ VIR_CGROUP_BACKEND_CALL(group, allowDevice, -1, type, major, minor, perms);
}
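Review bot: The new body of virCgroupAllowDevice() has no visible `return`, so its int result and the meaning of the `-1` argument depend entirely on VIR_CGROUP_BACKEND_CALL, whose definition is not part of this patch. Presumably the macro returns `-1` when the backend has no `allowDevice` callback and otherwise returns the callback's result. A short comment such as `/* returns -1 if the backend lacks allowDevice, else the backend's result */` would make that explicit. The same applies to the `denyDevice` call in virCgroupDenyDevice(), where it is worth confirming that callers treat -1 as fatal, since a deny rule that was never written leaves the device reachable.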
@@ -1938,11 +1916,11 @@ virCgroupAllowDevicePath(virCgroupPtr group,
if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode))
return 1;
- return virCgroupAllowDevice(group,
- S_ISCHR(sb.st_mode) ? 'c' : 'b',
- major(sb.st_rdev),
- minor(sb.st_rdev),
- perms);
+ VIR_CGROUP_BACKEND_CALL(group, allowDevice, -1,
+ S_ISCHR(sb.st_mode) ? 'c' : 'b',
+ major(sb.st_rdev),
+ minor(sb.st_rdev),
+ perms);
}
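Review bot: virCgroupAllowDevicePath() now dispatches to the backend itself instead of going through virCgroupAllowDevice(), so each operation has two independent dispatch sites; virCgroupDenyDevicePath() follows the same pattern. Any argument check later added to the non-Path wrapper, for example on `type` or `perms`, would not cover rules derived from a device node. If the direct dispatch is intended, a comment like `/* bypasses virCgroupAllowDevice(); keep argument handling in sync */` above the macro call would flag this for future editors. The function begins outside this hunk, so the code that fills `sb` before the S_ISCHR/S_ISBLK check was not reviewed.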
@@ -1961,29 +1939,7 @@ int
virCgroupDenyDevice(virCgroupPtr group, char type, int major, int minor,
int perms)
{
- VIR_AUTOFREE(char *) devstr = NULL;
- VIR_AUTOFREE(char *) majorstr = NULL;
- VIR_AUTOFREE(char *) minorstr = NULL;
-
- if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||
- (major >= 0 && virAsprintf(&majorstr, "%i", major) <
0))
- return -1;
-
- if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||
- (minor >= 0 && virAsprintf(&minorstr, "%i", minor) <
0))
- return -1;
-
- if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,
- virCgroupGetDevicePermsString(perms)) < 0)
- return -1;
-
- if (virCgroupSetValueStr(group,
- VIR_CGROUP_CONTROLLER_DEVICES,
- "devices.deny",
- devstr) < 0)
- return -1;
-
- return 0;
+ VIR_CGROUP_BACKEND_CALL(group, denyDevice, -1, type, major, minor, perms);
}
@@ -2022,11 +1978,11 @@ virCgroupDenyDevicePath(virCgroupPtr group,
if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode))
return 1;
- return virCgroupDenyDevice(group,
- S_ISCHR(sb.st_mode) ? 'c' : 'b',
- major(sb.st_rdev),
- minor(sb.st_rdev),
- perms);
+ VIR_CGROUP_BACKEND_CALL(group, denyDevice, -1,
+ S_ISCHR(sb.st_mode) ? 'c' : 'b',
+ major(sb.st_rdev),
+ minor(sb.st_rdev),
+ perms);
}
diff --git a/src/util/vircgroupbackend.h b/src/util/vircgroupbackend.h
index f5454e41f7..d7250cffdb 100644
--- a/src/util/vircgroupbackend.h
+++ b/src/util/vircgroupbackend.h
@@ -247,6 +247,20 @@ typedef int
(*virCgroupGetMemSwapUsageCB)(virCgroupPtr group,
unsigned long long *kb);
+typedef int
+(*virCgroupAllowDeviceCB)(virCgroupPtr group,
+ char type,
+ int major,
+ int minor,
+ int perms);
+
+typedef int
+(*virCgroupDenyDeviceCB)(virCgroupPtr group,
+ char type,
+ int major,
+ int minor,
+ int perms);
+
struct _virCgroupBackend {
virCgroupBackendType type;
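Review bot: The two new callback typedefs carry no contract comment, so the rule that a negative `major` or `minor` means a wildcard can only be found in the v1 implementation, which maps it to `*`. Someone writing a backend for another cgroup version needs that stated here, along with the return convention the v1 functions follow (0 on success, -1 on failure). Suggested comment above virCgroupAllowDeviceCB, with a matching one on virCgroupDenyDeviceCB: `/* type is 'c' or 'b' as passed by the Path callers; major/minor < 0 match any device; returns 0 or -1 */`.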
@@ -296,6 +310,9 @@ struct _virCgroupBackend {
virCgroupSetMemSwapHardLimitCB setMemSwapHardLimit;
virCgroupGetMemSwapHardLimitCB getMemSwapHardLimit;
virCgroupGetMemSwapUsageCB getMemSwapUsage;
+
+ virCgroupAllowDeviceCB allowDevice;
+ virCgroupDenyDeviceCB denyDevice;
};
typedef struct _virCgroupBackend virCgroupBackend;
typedef virCgroupBackend *virCgroupBackendPtr;
diff --git a/src/util/vircgroupv1.c b/src/util/vircgroupv1.c
index 936cf1b1f5..9ac0ef555c 100644
--- a/src/util/vircgroupv1.c
+++ b/src/util/vircgroupv1.c
@@ -1665,6 +1665,72 @@ virCgroupV1GetMemSwapUsage(virCgroupPtr group,
}
+static int
+virCgroupV1AllowDevice(virCgroupPtr group,
+ char type,
+ int major,
+ int minor,
+ int perms)
+{
+ VIR_AUTOFREE(char *) devstr = NULL;
+ VIR_AUTOFREE(char *) majorstr = NULL;
+ VIR_AUTOFREE(char *) minorstr = NULL;
+
+ if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||
+ (major >= 0 && virAsprintf(&majorstr, "%i", major) <
0))
+ return -1;
+
+ if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||
+ (minor >= 0 && virAsprintf(&minorstr, "%i", minor) <
0))
+ return -1;
+
+ if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,
+ virCgroupGetDevicePermsString(perms)) < 0)
+ return -1;
+
+ if (virCgroupSetValueStr(group,
+ VIR_CGROUP_CONTROLLER_DEVICES,
+ "devices.allow",
+ devstr) < 0)
+ return -1;
+
+ return 0;
+}
+
+
+static int
+virCgroupV1DenyDevice(virCgroupPtr group,
+ char type,
+ int major,
+ int minor,
+ int perms)
+{
+ VIR_AUTOFREE(char *) devstr = NULL;
+ VIR_AUTOFREE(char *) majorstr = NULL;
+ VIR_AUTOFREE(char *) minorstr = NULL;
+
+ if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||
+ (major >= 0 && virAsprintf(&majorstr, "%i", major) <
0))
+ return -1;
+
+ if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||
+ (minor >= 0 && virAsprintf(&minorstr, "%i", minor) <
0))
+ return -1;
+
+ if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,
+ virCgroupGetDevicePermsString(perms)) < 0)
+ return -1;
+
+ if (virCgroupSetValueStr(group,
+ VIR_CGROUP_CONTROLLER_DEVICES,
+ "devices.deny",
+ devstr) < 0)
+ return -1;
+
+ return 0;
+}
+
+
virCgroupBackend virCgroupV1Backend = {
.type = VIR_CGROUP_BACKEND_TYPE_V1,
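Review bot: virCgroupV1AllowDevice() and virCgroupV1DenyDevice() are line-for-line copies that differ only in the file name written, `devices.allow` versus `devices.deny`. Since the code is being moved anyway, this is a good point to fold the rule formatting into one static helper. That way a later change to how `type`, the wildcard or the perms string is encoded cannot land in the allow path and be missed in the deny path. The helper name below is only a proposal. Separately, `type` is placed into the rule with `%c` without any check in these functions, so if only 'c' and 'b' are expected here that may be worth asserting in the same helper.

```c
/* Formats "<type> <major>:<minor> <perms>" (negative major/minor become "*")
 * and writes it to @file of the devices controller. */
static int
virCgroupV1SetDeviceRule(virCgroupPtr group,
                         const char *file,
                         char type,
                         int major,
                         int minor,
                         int perms)
{
    VIR_AUTOFREE(char *) devstr = NULL;
    /* … unchanged: majorstr/minorstr declarations and devstr formatting … */

    if (virCgroupSetValueStr(group,
                             VIR_CGROUP_CONTROLLER_DEVICES,
                             file,
                             devstr) < 0)
        return -1;

    return 0;
}


static int
virCgroupV1AllowDevice(virCgroupPtr group,
                       char type,
                       int major,
                       int minor,
                       int perms)
{
    return virCgroupV1SetDeviceRule(group, "devices.allow",
                                    type, major, minor, perms);
}


static int
virCgroupV1DenyDevice(virCgroupPtr group,
                      char type,
                      int major,
                      int minor,
                      int perms)
{
    return virCgroupV1SetDeviceRule(group, "devices.deny",
                                    type, major, minor, perms);
}
```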
@@ -1712,6 +1778,9 @@ virCgroupBackend virCgroupV1Backend = {
.setMemSwapHardLimit = virCgroupV1SetMemSwapHardLimit,
.getMemSwapHardLimit = virCgroupV1GetMemSwapHardLimit,
.getMemSwapUsage = virCgroupV1GetMemSwapUsage,
+
+ .allowDevice = virCgroupV1AllowDevice,
+ .denyDevice = virCgroupV1DenyDevice,
};
--
2.17.1