virt-host-validate: fix detection with cgroups v2

Using virtCgroupNewSelf() is not correct with cgroups v2 because the the virt-host-validate process is executed from from the same cgroup context as the terminal and usually not all controllers are enabled by default. To do a proper check we need to use the root cgroup to see what controllers are actually available. Libvirt or systemd ensures that all controllers are available for VMs as well. This still doesn't solve the devices controller with cgroups v2 where there is no controller as it was replaced by eBPF. Currently libvirt tries to query eBPF programs which usually works only for root as regular users will get permission denied for that operation. Fixes: https://gitlab.com/libvirt/libvirt/-/issues/94 Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2025-02-01 17:35:17 +00:00 · 2020-11-18 13:08:22 +01:00 · 2020-11-18 13:08:22 +01:00 · 126cb34a20
commit 126cb34a20
parent e289ffa23d
4 changed files with 6 additions and 5 deletions
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@ -1796,6 +1796,7 @@ virCgroupHasController;
 virCgroupHasEmptyTasks;
 virCgroupKillPainfully;
 virCgroupKillRecursive;
+virCgroupNew;
 virCgroupNewDetect;
 virCgroupNewDetectMachine;
 virCgroupNewDomainPartition;
--- a/src/util/vircgroup.h
+++ b/src/util/vircgroup.h
@ -60,6 +60,10 @@ typedef enum {

 bool virCgroupAvailable(void);

+int virCgroupNew(const char *path,
+                 int controllers,
+                 virCgroupPtr *group);
+
 int virCgroupNewSelf(virCgroupPtr *group)
    ATTRIBUTE_NONNULL(1);

--- a/src/util/vircgrouppriv.h
+++ b/src/util/vircgrouppriv.h
@ -110,10 +110,6 @@ int virCgroupGetValueForBlkDev(const char *str,
                               const char *devPath,
                               char **value);

-int virCgroupNew(const char *path,
-                 int controllers,
-                 virCgroupPtr *group);
-
 int virCgroupNewPartition(const char *path,
                          bool create,
                          int controllers,
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@ -293,7 +293,7 @@ int virHostValidateCGroupControllers(const char *hvname,
    int ret = 0;
    size_t i;

-    if (virCgroupNewSelf(&group) < 0)
+    if (virCgroupNew("/", -1, &group) < 0)
        return -1;

    for (i = 0; i < VIR_CGROUP_CONTROLLER_LAST; i++) {