mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-24 21:45:21 +00:00
Move check for cgroup devices ACL upfront in LXC hotplug
The check for whether the cgroup devices ACL is available is done quite late during LXC hotplug - in fact after the device node is already created in the container in some cases. Better to do it upfront so we fail immediately. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit c3eb12cace868884393d35c23278653634d81c70)
This commit is contained in:
parent
51fe7d9de8
commit
849272dee8
@ -3038,6 +3038,12 @@ lxcDomainAttachDeviceDiskLive(virLXCDriverPtr driver,
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
|
||||
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
|
||||
_("devices cgroup isn't mounted"));
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (def->type != VIR_DOMAIN_DISK_TYPE_BLOCK) {
|
||||
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||||
_("Can't setup disk for non-block device"));
|
||||
@ -3105,12 +3111,6 @@ lxcDomainAttachDeviceDiskLive(virLXCDriverPtr driver,
|
||||
vm->def, def) < 0)
|
||||
goto cleanup;
|
||||
|
||||
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
|
||||
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
|
||||
_("devices cgroup isn't mounted"));
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (virCgroupAllowDevicePath(priv->cgroup, def->src,
|
||||
(def->readonly ?
|
||||
VIR_CGROUP_DEVICE_READ :
|
||||
@ -3307,12 +3307,6 @@ lxcDomainAttachDeviceHostdevSubsysUSBLive(virLXCDriverPtr driver,
|
||||
def->source.subsys.u.usb.device) < 0)
|
||||
goto cleanup;
|
||||
|
||||
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
|
||||
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
|
||||
_("devices cgroup isn't mounted"));
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (!(usb = virUSBDeviceNew(def->source.subsys.u.usb.bus,
|
||||
def->source.subsys.u.usb.device, vroot)))
|
||||
goto cleanup;
|
||||
@ -3460,12 +3454,6 @@ lxcDomainAttachDeviceHostdevStorageLive(virLXCDriverPtr driver,
|
||||
vm->def, def, vroot) < 0)
|
||||
goto cleanup;
|
||||
|
||||
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
|
||||
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
|
||||
_("devices cgroup isn't mounted"));
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (virCgroupAllowDevicePath(priv->cgroup, def->source.caps.u.storage.block,
|
||||
VIR_CGROUP_DEVICE_RW |
|
||||
VIR_CGROUP_DEVICE_MKNOD) != 0) {
|
||||
@ -3568,12 +3556,6 @@ lxcDomainAttachDeviceHostdevMiscLive(virLXCDriverPtr driver,
|
||||
vm->def, def, vroot) < 0)
|
||||
goto cleanup;
|
||||
|
||||
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
|
||||
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
|
||||
_("devices cgroup isn't mounted"));
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (virCgroupAllowDevicePath(priv->cgroup, def->source.caps.u.misc.chardev,
|
||||
VIR_CGROUP_DEVICE_RW |
|
||||
VIR_CGROUP_DEVICE_MKNOD) != 0) {
|
||||
@ -3649,6 +3631,12 @@ lxcDomainAttachDeviceHostdevLive(virLXCDriverPtr driver,
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
|
||||
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
|
||||
_("devices cgroup isn't mounted"));
|
||||
return -1;
|
||||
}
|
||||
|
||||
switch (dev->data.hostdev->mode) {
|
||||
case VIR_DOMAIN_HOSTDEV_MODE_SUBSYS:
|
||||
return lxcDomainAttachDeviceHostdevSubsysLive(driver, vm, dev);
|
||||
|
Loading…
x
Reference in New Issue
Block a user