qemu_cgroup: Allow/disallow devmapper control iff available

https://bugzilla.redhat.com/show_bug.cgi?id=1591732 On kernels without device mapper support there won't be /dev/mapper/control. Therefore it doesn't make much sense to put it into devices CGroup. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-12-22 13:45:38 +00:00 · 2018-07-13 14:34:28 +02:00 · 2018-07-13 14:34:28 +02:00 · 8d2a9f0994
commit 8d2a9f0994
parent 170d1e31df
1 changed files with 20 additions and 18 deletions
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@ -129,6 +129,7 @@ qemuSetupImageCgroupInternal(virDomainObjPtr vm,
    }

    if (virStoragePRDefIsManaged(src->pr) &&
+        virFileExists(DEVICE_MAPPER_CONTROL_PATH) &&
        qemuSetupImagePathCgroup(vm, DEVICE_MAPPER_CONTROL_PATH, false) < 0)
        return -1;

@ -163,28 +164,29 @@ qemuTeardownImageCgroup(virDomainObjPtr vm,
        return 0;
    }

-    for (i = 0; i < vm->def->ndisks; i++) {
-        virStorageSourcePtr diskSrc = vm->def->disks[i]->src;
+    if (virFileExists(DEVICE_MAPPER_CONTROL_PATH)) {
+        for (i = 0; i < vm->def->ndisks; i++) {
+            virStorageSourcePtr diskSrc = vm->def->disks[i]->src;

-        if (src == diskSrc)
-            continue;
+            if (src == diskSrc)
+                continue;

-        if (virStoragePRDefIsManaged(diskSrc->pr))
-            break;
+            if (virStoragePRDefIsManaged(diskSrc->pr))
+                break;
+        }
+
+        if (i == vm->def->ndisks) {
+            VIR_DEBUG("Disabling device mapper control");
+            ret = virCgroupDenyDevicePath(priv->cgroup,
+                                          DEVICE_MAPPER_CONTROL_PATH, perms, true);
+            virDomainAuditCgroupPath(vm, priv->cgroup, "deny",
+                                     DEVICE_MAPPER_CONTROL_PATH,
+                                     virCgroupGetDevicePermsString(perms), ret);
+            if (ret < 0)
+                return ret;
+        }
    }

-    if (i == vm->def->ndisks) {
-        VIR_DEBUG("Disabling device mapper control");
-        ret = virCgroupDenyDevicePath(priv->cgroup,
-                                      DEVICE_MAPPER_CONTROL_PATH, perms, true);
-        virDomainAuditCgroupPath(vm, priv->cgroup, "deny",
-                                 DEVICE_MAPPER_CONTROL_PATH,
-                                 virCgroupGetDevicePermsString(perms), ret);
-        if (ret < 0)
-            return ret;
-    }
-
-
    VIR_DEBUG("Deny path %s", src->path);

    ret = virCgroupDenyDevicePath(priv->cgroup, src->path, perms, true);