On Tue, Sep 18, 2018 at 5:45 PM, Pavel Hrdina <phrd...@redhat.com> wrote:
> Signed-off-by: Pavel Hrdina <phrd...@redhat.com>
> Reviewed-by: Fabiano Fidêncio <fiden...@redhat.com>
> ---
> src/util/vircgroup.c | 68 +++++++-----------------------------
> src/util/vircgroupbackend.h | 17 +++++++++
> src/util/vircgroupv1.c | 69 +++++++++++++++++++++++++++++++++++++
> 3 files changed, 98 insertions(+), 56 deletions(-)
>
> diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
> index 38a30b759f..8a54437dfa 100644
> --- a/src/util/vircgroup.c
> +++ b/src/util/vircgroup.c
> @@ -1877,29 +1877,7 @@ int
> virCgroupAllowDevice(virCgroupPtr group, char type, int major, int minor,
> int perms)
> {
> - VIR_AUTOFREE(char *) devstr = NULL;
> - VIR_AUTOFREE(char *) majorstr = NULL;
> - VIR_AUTOFREE(char *) minorstr = NULL;
> -
> - if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||
> - (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))
> - return -1;
> -
> - if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||
> - (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))
> - return -1;
> -
> - if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,
> - virCgroupGetDevicePermsString(perms)) < 0)
> - return -1;
> -
> - if (virCgroupSetValueStr(group,
> - VIR_CGROUP_CONTROLLER_DEVICES,
> - "devices.allow",
> - devstr) < 0)
> - return -1;
> -
> - return 0;
> + VIR_CGROUP_BACKEND_CALL(group, allowDevice, -1, type, major, minor,
> perms);
> }
>
>
> @@ -1938,11 +1916,11 @@ virCgroupAllowDevicePath(virCgroupPtr group,
> if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode))
> return 1;
>
> - return virCgroupAllowDevice(group,
> - S_ISCHR(sb.st_mode) ? 'c' : 'b',
> - major(sb.st_rdev),
> - minor(sb.st_rdev),
> - perms);
> + VIR_CGROUP_BACKEND_CALL(group, allowDevice, -1,
> + S_ISCHR(sb.st_mode) ? 'c' : 'b',
> + major(sb.st_rdev),
> + minor(sb.st_rdev),
> + perms);
> }
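Review bot: virCgroupAllowDevice now ends in a bare `VIR_CGROUP_BACKEND_CALL(group, allowDevice, -1, ...)` with no visible `return`, so the result of this int function depends entirely on a macro whose definition is not part of this patch; the same applies to virCgroupAllowDevicePath and to both deny hunks. Presumably the macro returns the callback's result and yields its third argument (-1) when the backend leaves the callback unset. Since these calls maintain the cgroup's device access list, a one-line comment above each call would make the failure path explicit, e.g. `/* returns from this function; -1 if the backend has no allowDevice callback */`. It is also worth confirming that the unset-callback path reports an error, so that a backend without denyDevice cannot fail without a trace.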
>
>
> @@ -1961,29 +1939,7 @@ int
> virCgroupDenyDevice(virCgroupPtr group, char type, int major, int minor,
> int perms)
> {
> - VIR_AUTOFREE(char *) devstr = NULL;
> - VIR_AUTOFREE(char *) majorstr = NULL;
> - VIR_AUTOFREE(char *) minorstr = NULL;
> -
> - if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||
> - (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))
> - return -1;
> -
> - if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||
> - (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))
> - return -1;
> -
> - if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,
> - virCgroupGetDevicePermsString(perms)) < 0)
> - return -1;
> -
> - if (virCgroupSetValueStr(group,
> - VIR_CGROUP_CONTROLLER_DEVICES,
> - "devices.deny",
> - devstr) < 0)
> - return -1;
> -
> - return 0;
> + VIR_CGROUP_BACKEND_CALL(group, denyDevice, -1, type, major, minor,
> perms);
> }
>
>
> @@ -2022,11 +1978,11 @@ virCgroupDenyDevicePath(virCgroupPtr group,
> if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode))
> return 1;
>
> - return virCgroupDenyDevice(group,
> - S_ISCHR(sb.st_mode) ? 'c' : 'b',
> - major(sb.st_rdev),
> - minor(sb.st_rdev),
> - perms);
> + VIR_CGROUP_BACKEND_CALL(group, denyDevice, -1,
> + S_ISCHR(sb.st_mode) ? 'c' : 'b',
> + major(sb.st_rdev),
> + minor(sb.st_rdev),
> + perms);
> }
>
>
> diff --git a/src/util/vircgroupbackend.h b/src/util/vircgroupbackend.h
> index f5454e41f7..d7250cffdb 100644
> --- a/src/util/vircgroupbackend.h
> +++ b/src/util/vircgroupbackend.h
> @@ -247,6 +247,20 @@ typedef int
> (*virCgroupGetMemSwapUsageCB)(virCgroupPtr group,
> unsigned long long *kb);
>
> +typedef int
> +(*virCgroupAllowDeviceCB)(virCgroupPtr group,
> + char type,
> + int major,
> + int minor,
> + int perms);
> +
> +typedef int
> +(*virCgroupDenyDeviceCB)(virCgroupPtr group,
> + char type,
> + int major,
> + int minor,
> + int perms);
> +
> struct _virCgroupBackend {
> virCgroupBackendType type;
>
> @@ -296,6 +310,9 @@ struct _virCgroupBackend {
> virCgroupSetMemSwapHardLimitCB setMemSwapHardLimit;
> virCgroupGetMemSwapHardLimitCB getMemSwapHardLimit;
> virCgroupGetMemSwapUsageCB getMemSwapUsage;
> +
> + virCgroupAllowDeviceCB allowDevice;
> + virCgroupDenyDeviceCB denyDevice;
> };
> typedef struct _virCgroupBackend virCgroupBackend;
> typedef virCgroupBackend *virCgroupBackendPtr;
> diff --git a/src/util/vircgroupv1.c b/src/util/vircgroupv1.c
> index 936cf1b1f5..9ac0ef555c 100644
> --- a/src/util/vircgroupv1.c
> +++ b/src/util/vircgroupv1.c
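Review bot: The new virCgroupAllowDeviceCB and virCgroupDenyDeviceCB typedefs in the @@ -247 hunk of vircgroupbackend.h carry no contract, yet the v1 implementation in this patch treats a negative `major` or `minor` as the wildcard `*`. A backend author who misses that could write a device rule broader or narrower than the caller intended, so the typedefs should say it, for example `/* major/minor < 0 match any device number; returns 0 on success, -1 on error */`. The two typedefs have identical signatures, so a single shared callback type would also serve both struct members.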
> @@ -1665,6 +1665,72 @@ virCgroupV1GetMemSwapUsage(virCgroupPtr group,
> }
>
>
> +static int
> +virCgroupV1AllowDevice(virCgroupPtr group,
> + char type,
> + int major,
> + int minor,
> + int perms)
> +{
> + VIR_AUTOFREE(char *) devstr = NULL;
> + VIR_AUTOFREE(char *) majorstr = NULL;
> + VIR_AUTOFREE(char *) minorstr = NULL;
> +
> + if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||
> + (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))
> + return -1;
> +
> + if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||
> + (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))
> + return -1;
> +
> + if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,
> + virCgroupGetDevicePermsString(perms)) < 0)
> + return -1;
> +
> + if (virCgroupSetValueStr(group,
> + VIR_CGROUP_CONTROLLER_DEVICES,
> + "devices.allow",
> + devstr) < 0)
> + return -1;
> +
> + return 0;
> +}
> +
> +
> +static int
> +virCgroupV1DenyDevice(virCgroupPtr group,
> + char type,
> + int major,
> + int minor,
> + int perms)
> +{
> + VIR_AUTOFREE(char *) devstr = NULL;
> + VIR_AUTOFREE(char *) majorstr = NULL;
> + VIR_AUTOFREE(char *) minorstr = NULL;
> +
> + if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||
> + (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))
> + return -1;
> +
> + if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||
> + (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))
> + return -1;
> +
> + if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,
> + virCgroupGetDevicePermsString(perms)) < 0)
> + return -1;
> +
> + if (virCgroupSetValueStr(group,
> + VIR_CGROUP_CONTROLLER_DEVICES,
> + "devices.deny",
> + devstr) < 0)
> + return -1;
> +
> + return 0;
> +}
> +
> +
> virCgroupBackend virCgroupV1Backend = {
> .type = VIR_CGROUP_BACKEND_TYPE_V1,
>
> @@ -1712,6 +1778,9 @@ virCgroupBackend virCgroupV1Backend = {
> .setMemSwapHardLimit = virCgroupV1SetMemSwapHardLimit,
> .getMemSwapHardLimit = virCgroupV1GetMemSwapHardLimit,
> .getMemSwapUsage = virCgroupV1GetMemSwapUsage,
> +
> + .allowDevice = virCgroupV1AllowDevice,
> + .denyDevice = virCgroupV1DenyDevice,
> };
>
>
> --
> 2.17.1
>
> --
> libvir-list mailing list
> libvir-list@redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
>
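Review bot: virCgroupV1AllowDevice and virCgroupV1DenyDevice in the @@ -1665 hunk of vircgroupv1.c are the same body twice, differing only in the `devices.allow` / `devices.deny` key, so any later fix to the rule formatting must be applied to both or the allow and deny paths drift apart. A shared static helper that takes the key keeps the rule string in one place. `type` is also written with `%c` unchecked; the callers visible in this patch pass only 'c' or 'b', and whether other callers are as strict cannot be seen here. The sketch below uses a proposed helper name and moves the formatting code unchanged.

```c
static int
virCgroupV1SetDeviceRule(virCgroupPtr group,
                         const char *key,
                         char type,
                         int major,
                         int minor,
                         int perms)
{
    /* … unchanged: majorstr / minorstr / devstr formatting … */

    if (virCgroupSetValueStr(group,
                             VIR_CGROUP_CONTROLLER_DEVICES,
                             key,
                             devstr) < 0)
        return -1;

    return 0;
}


static int
virCgroupV1AllowDevice(virCgroupPtr group,
                       char type,
                       int major,
                       int minor,
                       int perms)
{
    return virCgroupV1SetDeviceRule(group, "devices.allow",
                                    type, major, minor, perms);
}


static int
virCgroupV1DenyDevice(virCgroupPtr group,
                      char type,
                      int major,
                      int minor,
                      int perms)
{
    return virCgroupV1SetDeviceRule(group, "devices.deny",
                                    type, major, minor, perms);
}
```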