From nobody Mon Feb  9 08:31:35 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1547480912314420.6441714111943;
 Mon, 14 Jan 2019 07:48:32 -0800 (PST)
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com
 [10.5.11.14])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 3AA12C0C6C30;
	Mon, 14 Jan 2019 15:48:27 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id D7FA536FA;
	Mon, 14 Jan 2019 15:48:26 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 802923F603;
	Mon, 14 Jan 2019 15:48:26 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
	[10.5.11.16])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id x0EFm2pw012862 for <libvir-list@listman.util.phx.redhat.com>;
	Mon, 14 Jan 2019 10:48:02 -0500
Received: by smtp.corp.redhat.com (Postfix)
	id D02ED17572; Mon, 14 Jan 2019 15:48:02 +0000 (UTC)
Received: from antique-work.brq.redhat.com (unknown [10.43.2.63])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 5417F5C1B4
	for <libvir-list@redhat.com>; Mon, 14 Jan 2019 15:48:02 +0000 (UTC)
From: Pavel Hrdina <phrdina@redhat.com>
To: libvir-list@redhat.com
Date: Mon, 14 Jan 2019 16:47:46 +0100
Message-Id: 
 <0f9316c0d1c492744dc9582f5594b7e75e071c5e.1547480099.git.phrdina@redhat.com>
In-Reply-To: <cover.1547480099.git.phrdina@redhat.com>
References: <cover.1547480099.git.phrdina@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v2 12/17] vircgroup: introduce
	virCgroupV2AllowAllDevices
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]);
 Mon, 14 Jan 2019 15:48:30 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"

If we want to allow all devices with all permissions we need to replace
any existing program that has any rule configured, otherwise we just
need to add new rule which will for example allow read access to all
devices.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
 src/util/vircgroupv2.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c
index b6c09baadc..8ad4de986f 100644
--- a/src/util/vircgroupv2.c
+++ b/src/util/vircgroupv2.c
@@ -1638,6 +1638,23 @@ virCgroupV2DenyDevice(virCgroupPtr group,
 }
=20
=20
+static int
+virCgroupV2AllowAllDevices(virCgroupPtr group,
+                           int perms)
+{
+    if (virCgroupV2DevicesPrepareProg(group) < 0)
+        return -1;
+
+    if (group->unified.devices.count > 0 &&
+        perms =3D=3D VIR_CGROUP_DEVICE_RWM &&
+        virCgroupV2DevicesCreateProg(group) < 0) {
+        return -1;
+    }
+
+    return virCgroupV2AllowDevice(group, 'a', -1, -1, perms);
+}
+
+
 virCgroupBackend virCgroupV2Backend =3D {
     .type =3D VIR_CGROUP_BACKEND_TYPE_V2,
=20
@@ -1689,6 +1706,7 @@ virCgroupBackend virCgroupV2Backend =3D {
=20
     .allowDevice =3D virCgroupV2AllowDevice,
     .denyDevice =3D virCgroupV2DenyDevice,
+    .allowAllDevices =3D virCgroupV2AllowAllDevices,
=20
     .setCpuShares =3D virCgroupV2SetCpuShares,
     .getCpuShares =3D virCgroupV2GetCpuShares,
--=20
2.20.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list