mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-07 05:25:25 +00:00
vircgroup: extract virCgroupV1(Allow|Deny)AllDevices
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
This commit is contained in:
parent
8cbb0c76ba
commit
fd9a0368b9
@ -1818,10 +1818,7 @@ virCgroupGetCpusetCpus(virCgroupPtr group, char **cpus)
|
|||||||
int
|
int
|
||||||
virCgroupDenyAllDevices(virCgroupPtr group)
|
virCgroupDenyAllDevices(virCgroupPtr group)
|
||||||
{
|
{
|
||||||
return virCgroupSetValueStr(group,
|
VIR_CGROUP_BACKEND_CALL(group, denyAllDevices, -1);
|
||||||
VIR_CGROUP_CONTROLLER_DEVICES,
|
|
||||||
"devices.deny",
|
|
||||||
"a");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -1841,18 +1838,7 @@ virCgroupDenyAllDevices(virCgroupPtr group)
|
|||||||
int
|
int
|
||||||
virCgroupAllowAllDevices(virCgroupPtr group, int perms)
|
virCgroupAllowAllDevices(virCgroupPtr group, int perms)
|
||||||
{
|
{
|
||||||
int ret = -1;
|
VIR_CGROUP_BACKEND_CALL(group, allowAllDevices, -1, perms);
|
||||||
|
|
||||||
if (virCgroupAllowDevice(group, 'b', -1, -1, perms) < 0)
|
|
||||||
goto cleanup;
|
|
||||||
|
|
||||||
if (virCgroupAllowDevice(group, 'c', -1, -1, perms) < 0)
|
|
||||||
goto cleanup;
|
|
||||||
|
|
||||||
ret = 0;
|
|
||||||
|
|
||||||
cleanup:
|
|
||||||
return ret;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -269,6 +269,13 @@ typedef int
|
|||||||
int minor,
|
int minor,
|
||||||
int perms);
|
int perms);
|
||||||
|
|
||||||
|
typedef int
|
||||||
|
(*virCgroupAllowAllDevicesCB)(virCgroupPtr group,
|
||||||
|
int perms);
|
||||||
|
|
||||||
|
typedef int
|
||||||
|
(*virCgroupDenyAllDevicesCB)(virCgroupPtr group);
|
||||||
|
|
||||||
struct _virCgroupBackend {
|
struct _virCgroupBackend {
|
||||||
virCgroupBackendType type;
|
virCgroupBackendType type;
|
||||||
|
|
||||||
@ -321,6 +328,8 @@ struct _virCgroupBackend {
|
|||||||
|
|
||||||
virCgroupAllowDeviceCB allowDevice;
|
virCgroupAllowDeviceCB allowDevice;
|
||||||
virCgroupDenyDeviceCB denyDevice;
|
virCgroupDenyDeviceCB denyDevice;
|
||||||
|
virCgroupAllowAllDevicesCB allowAllDevices;
|
||||||
|
virCgroupDenyAllDevicesCB denyAllDevices;
|
||||||
};
|
};
|
||||||
typedef struct _virCgroupBackend virCgroupBackend;
|
typedef struct _virCgroupBackend virCgroupBackend;
|
||||||
typedef virCgroupBackend *virCgroupBackendPtr;
|
typedef virCgroupBackend *virCgroupBackendPtr;
|
||||||
|
@ -1736,6 +1736,35 @@ virCgroupV1DenyDevice(virCgroupPtr group,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static int
|
||||||
|
virCgroupV1AllowAllDevices(virCgroupPtr group,
|
||||||
|
int perms)
|
||||||
|
{
|
||||||
|
int ret = -1;
|
||||||
|
|
||||||
|
if (virCgroupV1AllowDevice(group, 'b', -1, -1, perms) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
|
if (virCgroupV1AllowDevice(group, 'c', -1, -1, perms) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
|
ret = 0;
|
||||||
|
|
||||||
|
cleanup:
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static int
|
||||||
|
virCgroupV1DenyAllDevices(virCgroupPtr group)
|
||||||
|
{
|
||||||
|
return virCgroupSetValueStr(group,
|
||||||
|
VIR_CGROUP_CONTROLLER_DEVICES,
|
||||||
|
"devices.deny",
|
||||||
|
"a");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
virCgroupBackend virCgroupV1Backend = {
|
virCgroupBackend virCgroupV1Backend = {
|
||||||
.type = VIR_CGROUP_BACKEND_TYPE_V1,
|
.type = VIR_CGROUP_BACKEND_TYPE_V1,
|
||||||
|
|
||||||
@ -1786,6 +1815,8 @@ virCgroupBackend virCgroupV1Backend = {
|
|||||||
|
|
||||||
.allowDevice = virCgroupV1AllowDevice,
|
.allowDevice = virCgroupV1AllowDevice,
|
||||||
.denyDevice = virCgroupV1DenyDevice,
|
.denyDevice = virCgroupV1DenyDevice,
|
||||||
|
.allowAllDevices = virCgroupV1AllowAllDevices,
|
||||||
|
.denyAllDevices = virCgroupV1DenyAllDevices,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user