vircgroup: extract virCgroupV1(Allow|Deny)Device
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
parent
87d9fc5b3b
commit
8cbb0c76ba
@ -1871,29 +1871,7 @@ int
|
||||
virCgroupAllowDevice(virCgroupPtr group, char type, int major, int minor,
|
||||
int perms)
|
||||
{
|
||||
VIR_AUTOFREE(char *) devstr = NULL;
|
||||
VIR_AUTOFREE(char *) majorstr = NULL;
|
||||
VIR_AUTOFREE(char *) minorstr = NULL;
|
||||
|
||||
if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||
|
||||
(major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))
|
||||
return -1;
|
||||
|
||||
if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||
|
||||
(minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))
|
||||
return -1;
|
||||
|
||||
if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,
|
||||
virCgroupGetDevicePermsString(perms)) < 0)
|
||||
return -1;
|
||||
|
||||
if (virCgroupSetValueStr(group,
|
||||
VIR_CGROUP_CONTROLLER_DEVICES,
|
||||
"devices.allow",
|
||||
devstr) < 0)
|
||||
return -1;
|
||||
|
||||
return 0;
|
||||
VIR_CGROUP_BACKEND_CALL(group, allowDevice, -1, type, major, minor, perms);
|
||||
}
|
||||
|
||||
|
||||
@ -1932,11 +1910,11 @@ virCgroupAllowDevicePath(virCgroupPtr group,
|
||||
if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode))
|
||||
return 1;
|
||||
|
||||
return virCgroupAllowDevice(group,
|
||||
S_ISCHR(sb.st_mode) ? 'c' : 'b',
|
||||
major(sb.st_rdev),
|
||||
minor(sb.st_rdev),
|
||||
perms);
|
||||
VIR_CGROUP_BACKEND_CALL(group, allowDevice, -1,
|
||||
S_ISCHR(sb.st_mode) ? 'c' : 'b',
|
||||
major(sb.st_rdev),
|
||||
minor(sb.st_rdev),
|
||||
perms);
|
||||
}
|
||||
|
||||
|
||||
@ -1955,29 +1933,7 @@ int
|
||||
virCgroupDenyDevice(virCgroupPtr group, char type, int major, int minor,
|
||||
int perms)
|
||||
{
|
||||
VIR_AUTOFREE(char *) devstr = NULL;
|
||||
VIR_AUTOFREE(char *) majorstr = NULL;
|
||||
VIR_AUTOFREE(char *) minorstr = NULL;
|
||||
|
||||
if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||
|
||||
(major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))
|
||||
return -1;
|
||||
|
||||
if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||
|
||||
(minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))
|
||||
return -1;
|
||||
|
||||
if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,
|
||||
virCgroupGetDevicePermsString(perms)) < 0)
|
||||
return -1;
|
||||
|
||||
if (virCgroupSetValueStr(group,
|
||||
VIR_CGROUP_CONTROLLER_DEVICES,
|
||||
"devices.deny",
|
||||
devstr) < 0)
|
||||
return -1;
|
||||
|
||||
return 0;
|
||||
VIR_CGROUP_BACKEND_CALL(group, denyDevice, -1, type, major, minor, perms);
|
||||
}
|
||||
|
||||
|
||||
@ -2016,11 +1972,11 @@ virCgroupDenyDevicePath(virCgroupPtr group,
|
||||
if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode))
|
||||
return 1;
|
||||
|
||||
return virCgroupDenyDevice(group,
|
||||
S_ISCHR(sb.st_mode) ? 'c' : 'b',
|
||||
major(sb.st_rdev),
|
||||
minor(sb.st_rdev),
|
||||
perms);
|
||||
VIR_CGROUP_BACKEND_CALL(group, denyDevice, -1,
|
||||
S_ISCHR(sb.st_mode) ? 'c' : 'b',
|
||||
major(sb.st_rdev),
|
||||
minor(sb.st_rdev),
|
||||
perms);
|
||||
}
|
||||
|
||||
|
||||
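Review bot: In the virCgroupAllowDevicePath and virCgroupDenyDevicePath hunks, `major(sb.st_rdev)` and `minor(sb.st_rdev)` are passed straight into the callback's `int major` / `int minor` parameters, and the V1 implementation added by this commit writes any negative value as the `*` wildcard. If a device number ever converted to a negative int, the allow rule would silently widen to every major or minor of that type; this is probably not reachable with the device numbers Linux hands out, but nothing visible here states or checks it. A short comment at both call sites, such as `/* device numbers are assumed to fit in int; a negative value means '*' to the backend */`, or an explicit range check before the call, would make the assumption visible. Both function bodies start outside their hunks, so an existing check above the `S_ISCHR` test cannot be ruled out.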
|
@ -255,6 +255,20 @@ typedef int
|
||||
(*virCgroupGetMemSwapUsageCB)(virCgroupPtr group,
|
||||
unsigned long long *kb);
|
||||
|
||||
typedef int
|
||||
(*virCgroupAllowDeviceCB)(virCgroupPtr group,
|
||||
char type,
|
||||
int major,
|
||||
int minor,
|
||||
int perms);
|
||||
|
||||
typedef int
|
||||
(*virCgroupDenyDeviceCB)(virCgroupPtr group,
|
||||
char type,
|
||||
int major,
|
||||
int minor,
|
||||
int perms);
|
||||
|
||||
struct _virCgroupBackend {
|
||||
virCgroupBackendType type;
|
||||
|
||||
@ -304,6 +318,9 @@ struct _virCgroupBackend {
|
||||
virCgroupSetMemSwapHardLimitCB setMemSwapHardLimit;
|
||||
virCgroupGetMemSwapHardLimitCB getMemSwapHardLimit;
|
||||
virCgroupGetMemSwapUsageCB getMemSwapUsage;
|
||||
|
||||
virCgroupAllowDeviceCB allowDevice;
|
||||
virCgroupDenyDeviceCB denyDevice;
|
||||
};
|
||||
typedef struct _virCgroupBackend virCgroupBackend;
|
||||
typedef virCgroupBackend *virCgroupBackendPtr;
|
||||
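Review bot: The new `virCgroupAllowDeviceCB` and `virCgroupDenyDeviceCB` typedefs carry no comment on their contract, although the only implementation in this commit gives negative `major` or `minor` a special meaning: it is written to the devices file as `*`. Because a wildcard in an allow rule is a broad grant, a future backend author should not have to find that out from the V1 code. I would put it on both typedefs, for example `/* type is 'c' or 'b' as passed by the *DevicePath callers; major/minor < 0 is written as '*'; returns 0 on success, -1 on error */`. Whether `type` may take other values cannot be told from this page, so that part of the comment should be confirmed against the other callers.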
|
@ -1670,6 +1670,72 @@ virCgroupV1GetMemSwapUsage(virCgroupPtr group,
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
virCgroupV1AllowDevice(virCgroupPtr group,
|
||||
char type,
|
||||
int major,
|
||||
int minor,
|
||||
int perms)
|
||||
{
|
||||
VIR_AUTOFREE(char *) devstr = NULL;
|
||||
VIR_AUTOFREE(char *) majorstr = NULL;
|
||||
VIR_AUTOFREE(char *) minorstr = NULL;
|
||||
|
||||
if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||
|
||||
(major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))
|
||||
return -1;
|
||||
|
||||
if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||
|
||||
(minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))
|
||||
return -1;
|
||||
|
||||
if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,
|
||||
virCgroupGetDevicePermsString(perms)) < 0)
|
||||
return -1;
|
||||
|
||||
if (virCgroupSetValueStr(group,
|
||||
VIR_CGROUP_CONTROLLER_DEVICES,
|
||||
"devices.allow",
|
||||
devstr) < 0)
|
||||
return -1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
virCgroupV1DenyDevice(virCgroupPtr group,
|
||||
char type,
|
||||
int major,
|
||||
int minor,
|
||||
int perms)
|
||||
{
|
||||
VIR_AUTOFREE(char *) devstr = NULL;
|
||||
VIR_AUTOFREE(char *) majorstr = NULL;
|
||||
VIR_AUTOFREE(char *) minorstr = NULL;
|
||||
|
||||
if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||
|
||||
(major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))
|
||||
return -1;
|
||||
|
||||
if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||
|
||||
(minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))
|
||||
return -1;
|
||||
|
||||
if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,
|
||||
virCgroupGetDevicePermsString(perms)) < 0)
|
||||
return -1;
|
||||
|
||||
if (virCgroupSetValueStr(group,
|
||||
VIR_CGROUP_CONTROLLER_DEVICES,
|
||||
"devices.deny",
|
||||
devstr) < 0)
|
||||
return -1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
virCgroupBackend virCgroupV1Backend = {
|
||||
.type = VIR_CGROUP_BACKEND_TYPE_V1,
|
||||
|
||||
@ -1717,6 +1783,9 @@ virCgroupBackend virCgroupV1Backend = {
|
||||
.setMemSwapHardLimit = virCgroupV1SetMemSwapHardLimit,
|
||||
.getMemSwapHardLimit = virCgroupV1GetMemSwapHardLimit,
|
||||
.getMemSwapUsage = virCgroupV1GetMemSwapUsage,
|
||||
|
||||
.allowDevice = virCgroupV1AllowDevice,
|
||||
.denyDevice = virCgroupV1DenyDevice,
|
||||
};
|
||||
|
||||
|
||||
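Review bot: virCgroupV1AllowDevice and virCgroupV1DenyDevice are line-for-line identical apart from the `devices.allow` / `devices.deny` file name, so the device-rule formatting (including the negative-means-`*` wildcard) now lives in two places that must be kept in step. A later fix applied to only one of them would make allow and deny rules disagree, which is the kind of drift that is hard to spot in access-control code. I would move the body into one static helper that takes the file name and keep the two callbacks as thin wrappers; the helper name below is only a suggestion. The helper is also the natural place for a comment that a negative major or minor is written as `*`.

```c
/* Suggested helper (name is illustrative): formats one device rule and
 * writes it to the given devices controller file. A negative major or
 * minor is written as '*'. */
static int
virCgroupV1SetDeviceRule(virCgroupPtr group,
                         const char *file,
                         char type,
                         int major,
                         int minor,
                         int perms)
{
    /* … unchanged: majorstr / minorstr / devstr formatting … */

    if (virCgroupSetValueStr(group,
                             VIR_CGROUP_CONTROLLER_DEVICES,
                             file,
                             devstr) < 0)
        return -1;

    return 0;
}

static int
virCgroupV1AllowDevice(virCgroupPtr group,
                       char type,
                       int major,
                       int minor,
                       int perms)
{
    return virCgroupV1SetDeviceRule(group, "devices.allow",
                                    type, major, minor, perms);
}

static int
virCgroupV1DenyDevice(virCgroupPtr group,
                      char type,
                      int major,
                      int minor,
                      int perms)
{
    return virCgroupV1SetDeviceRule(group, "devices.deny",
                                    type, major, minor, perms);
}
```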
|