9:29 a.m.
Since commit 47e5b5ae virCgroupAllowDevice allows to pass -1 as either
the minor or major device number and it automatically uses '*' in place
of that. Reuse the new approach through the code and drop the duplicated
functions.
---
src/libvirt_private.syms | 2 --
src/lxc/lxc_cgroup.c | 4 +--
src/qemu/qemu_cgroup.c | 8 ++---
src/util/vircgroup.c | 94 ------------------------------------------------
src/util/vircgroup.h | 8 -----
5 files changed, 6 insertions(+), 110 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 4cfaed5..dc692ca 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1189,7 +1189,6 @@ virCgroupAddTask;
virCgroupAddTaskController;
virCgroupAllowAllDevices;
virCgroupAllowDevice;
-virCgroupAllowDeviceMajor;
virCgroupAllowDevicePath;
virCgroupAvailable;
virCgroupBindMount;
@@ -1198,7 +1197,6 @@ virCgroupControllerTypeFromString;
virCgroupControllerTypeToString;
virCgroupDenyAllDevices;
virCgroupDenyDevice;
-virCgroupDenyDeviceMajor;
virCgroupDenyDevicePath;
virCgroupDetectMountsFromFile;
virCgroupFree;
diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
index 3148946..60805af 100644
--- a/src/lxc/lxc_cgroup.c
+++ b/src/lxc/lxc_cgroup.c
@@ -466,8 +466,8 @@ static int virLXCCgroupSetupDeviceACL(virDomainDefPtr def,
}
}
- if (virCgroupAllowDeviceMajor(cgroup, 'c', LXC_DEV_MAJ_PTY,
- VIR_CGROUP_DEVICE_RWM) < 0)
+ if (virCgroupAllowDevice(cgroup, 'c', LXC_DEV_MAJ_PTY, -1,
+ VIR_CGROUP_DEVICE_RWM) < 0)
goto cleanup;
VIR_DEBUG("Device whitelist complete");
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 7579f42..5a4cd55 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -558,8 +558,8 @@ qemuSetupDevicesCgroup(virQEMUDriverPtr driver,
goto cleanup;
}
- rv = virCgroupAllowDeviceMajor(priv->cgroup, 'c', DEVICE_PTY_MAJOR,
- VIR_CGROUP_DEVICE_RW);
+ rv = virCgroupAllowDevice(priv->cgroup, 'c', DEVICE_PTY_MAJOR, -1,
+ VIR_CGROUP_DEVICE_RW);
virDomainAuditCgroupMajor(vm, priv->cgroup, "allow", DEVICE_PTY_MAJOR,
"pty", "rw", rv == 0);
if (rv < 0)
@@ -576,8 +576,8 @@ qemuSetupDevicesCgroup(virQEMUDriverPtr driver,
((vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC
&&
cfg->vncAllowHostAudio) ||
(vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL))))) {
- rv = virCgroupAllowDeviceMajor(priv->cgroup, 'c', DEVICE_SND_MAJOR,
- VIR_CGROUP_DEVICE_RW);
+ rv = virCgroupAllowDevice(priv->cgroup, 'c', DEVICE_SND_MAJOR, -1,
+ VIR_CGROUP_DEVICE_RW);
virDomainAuditCgroupMajor(vm, priv->cgroup, "allow",
DEVICE_SND_MAJOR,
"sound", "rw", rv == 0);
if (rv < 0)
diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index ab0cd47..a35bac7 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -2981,41 +2981,6 @@ virCgroupAllowDevice(virCgroupPtr group, char type, int major, int
minor,
/**
- * virCgroupAllowDeviceMajor:
- *
- * @group: The cgroup to allow an entire device major type for
- * @type: The device type (i.e., 'c' or 'b')
- * @major: The major number of the device type
- * @perms: Bitwise or of VIR_CGROUP_DEVICE permission bits to allow
- *
- * Returns: 0 on success
- */
-int
-virCgroupAllowDeviceMajor(virCgroupPtr group, char type, int major,
- int perms)
-{
- int ret = -1;
- char *devstr = NULL;
-
- if (virAsprintf(&devstr, "%c %i:* %s", type, major,
- virCgroupGetDevicePermsString(perms)) < 0)
- goto cleanup;
-
- if (virCgroupSetValueStr(group,
- VIR_CGROUP_CONTROLLER_DEVICES,
- "devices.allow",
- devstr) < 0)
- goto cleanup;
-
- ret = 0;
-
- cleanup:
- VIR_FREE(devstr);
- return ret;
-}
-
-
-/**
* virCgroupAllowDevicePath:
*
* @group: The cgroup to allow the device for
@@ -3099,41 +3064,6 @@ virCgroupDenyDevice(virCgroupPtr group, char type, int major, int
minor,
}
-/**
- * virCgroupDenyDeviceMajor:
- *
- * @group: The cgroup to deny an entire device major type for
- * @type: The device type (i.e., 'c' or 'b')
- * @major: The major number of the device type
- * @perms: Bitwise or of VIR_CGROUP_DEVICE permission bits to deny
- *
- * Returns: 0 on success
- */
-int
-virCgroupDenyDeviceMajor(virCgroupPtr group, char type, int major,
- int perms)
-{
- int ret = -1;
- char *devstr = NULL;
-
- if (virAsprintf(&devstr, "%c %i:* %s", type, major,
- virCgroupGetDevicePermsString(perms)) < 0)
- goto cleanup;
-
- if (virCgroupSetValueStr(group,
- VIR_CGROUP_CONTROLLER_DEVICES,
- "devices.deny",
- devstr) < 0)
- goto cleanup;
-
- ret = 0;
-
- cleanup:
- VIR_FREE(devstr);
- return ret;
-}
-
-
int
virCgroupDenyDevicePath(virCgroupPtr group, const char *path, int perms)
{
@@ -4705,18 +4635,6 @@ virCgroupAllowDevice(virCgroupPtr group ATTRIBUTE_UNUSED,
int
-virCgroupAllowDeviceMajor(virCgroupPtr group ATTRIBUTE_UNUSED,
- char type ATTRIBUTE_UNUSED,
- int major ATTRIBUTE_UNUSED,
- int perms ATTRIBUTE_UNUSED)
-{
- virReportSystemError(ENOSYS, "%s",
- _("Control groups not supported on this platform"));
- return -1;
-}
-
-
-int
virCgroupAllowDevicePath(virCgroupPtr group ATTRIBUTE_UNUSED,
const char *path ATTRIBUTE_UNUSED,
int perms ATTRIBUTE_UNUSED)
@@ -4741,18 +4659,6 @@ virCgroupDenyDevice(virCgroupPtr group ATTRIBUTE_UNUSED,
int
-virCgroupDenyDeviceMajor(virCgroupPtr group ATTRIBUTE_UNUSED,
- char type ATTRIBUTE_UNUSED,
- int major ATTRIBUTE_UNUSED,
- int perms ATTRIBUTE_UNUSED)
-{
- virReportSystemError(ENOSYS, "%s",
- _("Control groups not supported on this platform"));
- return -1;
-}
-
-
-int
virCgroupDenyDevicePath(virCgroupPtr group ATTRIBUTE_UNUSED,
const char *path ATTRIBUTE_UNUSED,
int perms ATTRIBUTE_UNUSED)
diff --git a/src/util/vircgroup.h b/src/util/vircgroup.h
index aeb641c..0f687a5 100644
--- a/src/util/vircgroup.h
+++ b/src/util/vircgroup.h
@@ -220,10 +220,6 @@ int virCgroupAllowDevice(virCgroupPtr group,
int major,
int minor,
int perms);
-int virCgroupAllowDeviceMajor(virCgroupPtr group,
- char type,
- int major,
- int perms);
int virCgroupAllowDevicePath(virCgroupPtr group,
const char *path,
int perms);
@@ -233,10 +229,6 @@ int virCgroupDenyDevice(virCgroupPtr group,
int major,
int minor,
int perms);
-int virCgroupDenyDeviceMajor(virCgroupPtr group,
- char type,
- int major,
- int perms);
int virCgroupDenyDevicePath(virCgroupPtr group,
const char *path,
int perms);
--
2.6.2