mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-08-05 08:23:48 +00:00
qemu_cgroup: Allow/disallow devmapper control iff available
https://bugzilla.redhat.com/show_bug.cgi?id=1591732 On kernels without device mapper support there won't be /dev/mapper/control. Therefore it doesn't make much sense to put it into devices CGroup. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
parent
170d1e31df
commit
8d2a9f0994
@ -129,6 +129,7 @@ qemuSetupImageCgroupInternal(virDomainObjPtr vm,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (virStoragePRDefIsManaged(src->pr) &&
|
if (virStoragePRDefIsManaged(src->pr) &&
|
||||||
|
virFileExists(DEVICE_MAPPER_CONTROL_PATH) &&
|
||||||
qemuSetupImagePathCgroup(vm, DEVICE_MAPPER_CONTROL_PATH, false) < 0)
|
qemuSetupImagePathCgroup(vm, DEVICE_MAPPER_CONTROL_PATH, false) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
@ -163,28 +164,29 @@ qemuTeardownImageCgroup(virDomainObjPtr vm,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < vm->def->ndisks; i++) {
|
if (virFileExists(DEVICE_MAPPER_CONTROL_PATH)) {
|
||||||
virStorageSourcePtr diskSrc = vm->def->disks[i]->src;
|
for (i = 0; i < vm->def->ndisks; i++) {
|
||||||
|
virStorageSourcePtr diskSrc = vm->def->disks[i]->src;
|
||||||
|
|
||||||
if (src == diskSrc)
|
if (src == diskSrc)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (virStoragePRDefIsManaged(diskSrc->pr))
|
if (virStoragePRDefIsManaged(diskSrc->pr))
|
||||||
break;
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (i == vm->def->ndisks) {
|
||||||
|
VIR_DEBUG("Disabling device mapper control");
|
||||||
|
ret = virCgroupDenyDevicePath(priv->cgroup,
|
||||||
|
DEVICE_MAPPER_CONTROL_PATH, perms, true);
|
||||||
|
virDomainAuditCgroupPath(vm, priv->cgroup, "deny",
|
||||||
|
DEVICE_MAPPER_CONTROL_PATH,
|
||||||
|
virCgroupGetDevicePermsString(perms), ret);
|
||||||
|
if (ret < 0)
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (i == vm->def->ndisks) {
|
|
||||||
VIR_DEBUG("Disabling device mapper control");
|
|
||||||
ret = virCgroupDenyDevicePath(priv->cgroup,
|
|
||||||
DEVICE_MAPPER_CONTROL_PATH, perms, true);
|
|
||||||
virDomainAuditCgroupPath(vm, priv->cgroup, "deny",
|
|
||||||
DEVICE_MAPPER_CONTROL_PATH,
|
|
||||||
virCgroupGetDevicePermsString(perms), ret);
|
|
||||||
if (ret < 0)
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
VIR_DEBUG("Deny path %s", src->path);
|
VIR_DEBUG("Deny path %s", src->path);
|
||||||
|
|
||||||
ret = virCgroupDenyDevicePath(priv->cgroup, src->path, perms, true);
|
ret = virCgroupDenyDevicePath(priv->cgroup, src->path, perms, true);
|
||||||
|
Loading…
Reference in New Issue
Block a user