qemu_cgroup: Allow/disallow devmapper control iff available

https://bugzilla.redhat.com/show_bug.cgi?id=1591732

On kernels without device mapper support there won't be
/dev/mapper/control. Therefore it doesn't make much sense to
put it into devices CGroup.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik 2018-07-13 14:34:28 +02:00
parent 170d1e31df
commit 8d2a9f0994


@ -129,6 +129,7 @@ qemuSetupImageCgroupInternal(virDomainObjPtr vm,
}
if (virStoragePRDefIsManaged(src->pr) &&
virFileExists(DEVICE_MAPPER_CONTROL_PATH) &&
qemuSetupImagePathCgroup(vm, DEVICE_MAPPER_CONTROL_PATH, false) < 0)
return -1;
@ -163,28 +164,29 @@ qemuTeardownImageCgroup(virDomainObjPtr vm,
return 0;
}
for (i = 0; i < vm->def->ndisks; i++) {
virStorageSourcePtr diskSrc = vm->def->disks[i]->src;
if (virFileExists(DEVICE_MAPPER_CONTROL_PATH)) {
for (i = 0; i < vm->def->ndisks; i++) {
virStorageSourcePtr diskSrc = vm->def->disks[i]->src;
if (src == diskSrc)
continue;
if (src == diskSrc)
continue;
if (virStoragePRDefIsManaged(diskSrc->pr))
break;
if (virStoragePRDefIsManaged(diskSrc->pr))
break;
}
if (i == vm->def->ndisks) {
VIR_DEBUG("Disabling device mapper control");
ret = virCgroupDenyDevicePath(priv->cgroup,
DEVICE_MAPPER_CONTROL_PATH, perms, true);
virDomainAuditCgroupPath(vm, priv->cgroup, "deny",
DEVICE_MAPPER_CONTROL_PATH,
virCgroupGetDevicePermsString(perms), ret);
if (ret < 0)
return ret;
}
}
if (i == vm->def->ndisks) {
VIR_DEBUG("Disabling device mapper control");
ret = virCgroupDenyDevicePath(priv->cgroup,
DEVICE_MAPPER_CONTROL_PATH, perms, true);
virDomainAuditCgroupPath(vm, priv->cgroup, "deny",
DEVICE_MAPPER_CONTROL_PATH,
virCgroupGetDevicePermsString(perms), ret);
if (ret < 0)
return ret;
}
VIR_DEBUG("Deny path %s", src->path);
ret = virCgroupDenyDevicePath(priv->cgroup, src->path, perms, true);
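Review bot: In qemuTeardownImageCgroup the deny for DEVICE_MAPPER_CONTROL_PATH is gated on whether the node exists at teardown time, not on whether qemuSetupImageCgroupInternal actually granted it, so the two `virFileExists()` checks can disagree if the node appears or disappears while the domain is running. If it was present at setup and is absent at teardown, the allow rule would presumably stay in the domain's devices cgroup, with no `virDomainAuditCgroupPath` record and no log line to show that the revoke was skipped. At minimum the skipped branch deserves a trace, e.g. `} else { VIR_DEBUG("%s is missing, not denying device mapper control", DEVICE_MAPPER_CONTROL_PATH); }`, plus a short comment above the `if` stating why a missing node is treated as nothing to revoke. The same silent skip applies to the managed-PR condition in the first hunk, and both function bodies continue outside the hunks shown.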