External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-11 12:25:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

vircgroup: introduce virCgroupV2AllowAllDevices

Browse Source 
If we want to allow all devices with all permissions we need to replace
any existing program that has any rule configured, otherwise we just
need to add new rule which will for example allow read access to all
devices.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Pavel Hrdina 2019-01-11 14:56:17 +01:00
parent d5b09ce5d9
commit 285aefb31c
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/util/vircgroupv2.c
View File

@ -1807,6 +1807,23 @@ virCgroupV2DenyDevice(virCgroupPtr group,
}
static int
virCgroupV2AllowAllDevices(virCgroupPtr group,
int perms)
{
if (virCgroupV2DevicesPrepareProg(group) < 0)
return -1;
if (group->unified.devices.count > 0 &&
perms == VIR_CGROUP_DEVICE_RWM &&
virCgroupV2DevicesCreateProg(group) < 0) {
return -1;
}
return virCgroupV2AllowDevice(group, 'a', -1, -1, perms);
}
virCgroupBackend virCgroupV2Backend = {
.type = VIR_CGROUP_BACKEND_TYPE_V2,
@ -1858,6 +1875,7 @@ virCgroupBackend virCgroupV2Backend = {
.allowDevice = virCgroupV2AllowDevice,
.denyDevice = virCgroupV2DenyDevice,
.allowAllDevices = virCgroupV2AllowAllDevices,
.setCpuShares = virCgroupV2SetCpuShares,
.getCpuShares = virCgroupV2GetCpuShares,