From nobody Sun Feb  8 14:31:27 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1556178313; cv=none;
	d=zoho.com; s=zohoarc;
	b=URQmSPU8Zk/FcjMB1b9Fi5KbYsA/RKF8U1iPigDKg2vlHF0WEpByZcdOoxiUwOi6pWyagxf5VMZMDZeych48yGI4d6jQ4Ck1rLO1QkJcq10zWeTLTuHqPd33BCtU9Rlt+8lZUcTwI+5kdoG/gjhzD51kr7EtHxh1/7/NBInMnRo=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com;
 s=zohoarc;
	t=1556178313;
 h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results;
	bh=WKWOnz+DNPFe+anAzizZnKA6Es6tuFCabrlp8zQH6Bs=;
	b=bbq8loNIr+u7EzFBQjPxn3IR7nHuZ3KQMSNNiR34F1GgyGAGDpNnEq2RBs1xOc0a5vU4Csc4iABFicl1o9xw1BOTUSXeqFNhSlkMHcAFJsq/VFgM4+WX51L+Sy8eUFzd/2poPtEZnOU9rjQzT+TsXmsRvDnw5JO27QPKJLCkTOs=
ARC-Authentication-Results: i=1; mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<phrdina@redhat.com> (p=none dis=none)
 header.from=<phrdina@redhat.com>
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1556178313943827.2816243810969;
 Thu, 25 Apr 2019 00:45:13 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com
 [10.5.11.14])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 980543094B1E;
	Thu, 25 Apr 2019 07:45:12 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 609BF5DE4E;
	Thu, 25 Apr 2019 07:45:12 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 0670B65D1B;
	Thu, 25 Apr 2019 07:45:12 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
	[10.5.11.13])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id x3P7ihlZ007933 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 25 Apr 2019 03:44:43 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 8DF88648AE; Thu, 25 Apr 2019 07:44:43 +0000 (UTC)
Received: from antique-work.brq.redhat.com (unknown [10.43.2.63])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 16EF3648B5
	for <libvir-list@redhat.com>; Thu, 25 Apr 2019 07:44:42 +0000 (UTC)
From: Pavel Hrdina <phrdina@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 25 Apr 2019 09:44:29 +0200
Message-Id: 
 <665e6c96be2f704689cd5922685555a080a539a5.1556178064.git.phrdina@redhat.com>
In-Reply-To: <cover.1556178064.git.phrdina@redhat.com>
References: <cover.1556178064.git.phrdina@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v3 12/15] vircgroup: introduce
	virCgroupV2AllowAllDevices
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]);
 Thu, 25 Apr 2019 07:45:13 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"

If we want to allow all devices with all permissions we need to replace
any existing program that has any rule configured, otherwise we just
need to add new rule which will for example allow read access to all
devices.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: J=C3=A1n Tomko <jtomko@redhat.com>
---
 src/util/vircgroupv2.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c
index bf78c33519..a8ba9b9e9e 100644
--- a/src/util/vircgroupv2.c
+++ b/src/util/vircgroupv2.c
@@ -1708,6 +1708,23 @@ virCgroupV2DenyDevice(virCgroupPtr group,
 }
=20
=20
+static int
+virCgroupV2AllowAllDevices(virCgroupPtr group,
+                           int perms)
+{
+    if (virCgroupV2DevicesPrepareProg(group) < 0)
+        return -1;
+
+    if (group->unified.devices.count > 0 &&
+        perms =3D=3D VIR_CGROUP_DEVICE_RWM &&
+        virCgroupV2DevicesCreateProg(group) < 0) {
+        return -1;
+    }
+
+    return virCgroupV2AllowDevice(group, 'a', -1, -1, perms);
+}
+
+
 virCgroupBackend virCgroupV2Backend =3D {
     .type =3D VIR_CGROUP_BACKEND_TYPE_V2,
=20
@@ -1759,6 +1776,7 @@ virCgroupBackend virCgroupV2Backend =3D {
=20
     .allowDevice =3D virCgroupV2AllowDevice,
     .denyDevice =3D virCgroupV2DenyDevice,
+    .allowAllDevices =3D virCgroupV2AllowAllDevices,
=20
     .setCpuShares =3D virCgroupV2SetCpuShares,
     .getCpuShares =3D virCgroupV2GetCpuShares,
--=20
2.20.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list