[libvirt] [PATCH v3 12/15] vircgroup: introduce virCgroupV2AllowAllDevices

Pavel Hrdina posted 15 patches 6 years, 9 months ago
Posted by Pavel Hrdina 6 years, 9 months ago
If we want to allow all devices with all permissions we need to replace
any existing program that has any rule configured, otherwise we just
need to add a new rule which will, for example, allow read access to all
devices.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
 src/util/vircgroupv2.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c
index bf78c33519..a8ba9b9e9e 100644
--- a/src/util/vircgroupv2.c
+++ b/src/util/vircgroupv2.c
@@ -1708,6 +1708,23 @@ virCgroupV2DenyDevice(virCgroupPtr group,
 }
 
 
+static int
+virCgroupV2AllowAllDevices(virCgroupPtr group,
+                           int perms)
+{
+    if (virCgroupV2DevicesPrepareProg(group) < 0)
+        return -1;
+
+    if (group->unified.devices.count > 0 &&
+        perms == VIR_CGROUP_DEVICE_RWM &&
+        virCgroupV2DevicesCreateProg(group) < 0) {
+        return -1;
+    }
+
+    return virCgroupV2AllowDevice(group, 'a', -1, -1, perms);
+}
+
+
 virCgroupBackend virCgroupV2Backend = {
     .type = VIR_CGROUP_BACKEND_TYPE_V2,
 
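Review bot: The second `if` in virCgroupV2AllowAllDevices() folds the side-effecting virCgroupV2DevicesCreateProg() call into the same `&&` chain as the two state checks, and nothing in the function says why the program is recreated only when devices.count > 0 and perms == VIR_CGROUP_DEVICE_RWM. The reasoning is only in the commit message (existing rules have to go when everything is allowed, otherwise one extra rule is enough). A short comment above the condition carrying that, with the CreateProg call nested inside an `if` on the two checks, would make the intent harder to break in a later change. For the non-RWM path, the comment should also say that previously configured rules stay in place next to the new 'a' rule. It would also help to document what the group is left with if virCgroupV2AllowDevice() fails after the program has already been replaced.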
@@ -1759,6 +1776,7 @@ virCgroupBackend virCgroupV2Backend = {
 
     .allowDevice = virCgroupV2AllowDevice,
     .denyDevice = virCgroupV2DenyDevice,
+    .allowAllDevices = virCgroupV2AllowAllDevices,
 
     .setCpuShares = virCgroupV2SetCpuShares,
     .getCpuShares = virCgroupV2GetCpuShares,
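Review bot: After this hunk the device callbacks in virCgroupV2Backend are `.allowDevice`, `.denyDevice` and `.allowAllDevices`, with no deny-all counterpart next to them. If that callback arrives in a later patch of the series, a line in the commit message saying so would help anyone reading or bisecting this patch on its own. Otherwise, please confirm that callers cope with the backend not providing one, since the v2 backend can now open up all devices but has no matching way to close them again in one call.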
-- 
2.20.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v3 12/15] vircgroup: introduce virCgroupV2AllowAllDevices
Posted by Ján Tomko 6 years, 7 months ago
On Thu, Apr 25, 2019 at 09:44:29AM +0200, Pavel Hrdina wrote:
>If we want to allow all devices with all permissions we need to replace
>any existing program that has any rule configured, otherwise we just
>need to add a new rule which will, for example, allow read access to all
>devices.
>
>Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
>---
> src/util/vircgroupv2.c | 18 ++++++++++++++++++
> 1 file changed, 18 insertions(+)
>

Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano