From nobody Sun Feb 8 11:59:17 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1546438210683807.1213046171716; Wed, 2 Jan 2019 06:10:10 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 94C92C034DE1; Wed, 2 Jan 2019 14:10:08 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 4EA5A103BAB2; Wed, 2 Jan 2019 14:10:08 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id D33443F608; Wed, 2 Jan 2019 14:10:07 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x02E97Pn000978 for ; Wed, 2 Jan 2019 09:09:07 -0500 Received: by smtp.corp.redhat.com (Postfix) id 64C1A608DC; Wed, 2 Jan 2019 14:09:07 +0000 (UTC) Received: from antique-work.brq.redhat.com (unknown [10.43.2.181]) by smtp.corp.redhat.com (Postfix) with ESMTP id DF90D608E0 for ; Wed, 2 Jan 2019 14:09:06 +0000 (UTC) From: Pavel Hrdina To: libvir-list@redhat.com Date: Wed, 2 Jan 2019 15:08:46 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 14/19] vircgroup: introduce virCgroupV2AllowAllDevices X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Wed, 02 Jan 2019 14:10:09 +0000 (UTC) Content-Type: text/plain; charset="utf-8" If we want to allow all devices with all permissions we need to replace any existing program that has any rule configured, otherwise we just need to add new rule which will for example allow read access to all devices. Signed-off-by: Pavel Hrdina --- src/util/vircgroupv2.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c index aea7ba677f..6c3f2bf522 100644 --- a/src/util/vircgroupv2.c +++ b/src/util/vircgroupv2.c @@ -2070,6 +2070,23 @@ virCgroupV2DenyDevice(virCgroupPtr group, } =20 =20 +static int +virCgroupV2AllowAllDevices(virCgroupPtr group, + int perms) +{ + if (virCgroupV2DevicePrepareProg(group) < 0) + return -1; + + if (group->unified.devices.count > 0 && + perms =3D=3D VIR_CGROUP_DEVICE_RWM && + virCgroupV2DeviceCreateProg(group) < 0) { + return -1; + } + + return virCgroupV2AllowDevice(group, 'a', -1, -1, perms); +} + + virCgroupBackend virCgroupV2Backend =3D { .type =3D VIR_CGROUP_BACKEND_TYPE_V2, =20 @@ -2121,6 +2138,7 @@ virCgroupBackend virCgroupV2Backend =3D { =20 .allowDevice =3D virCgroupV2AllowDevice, .denyDevice =3D virCgroupV2DenyDevice, + .allowAllDevices =3D virCgroupV2AllowAllDevices, =20 .setCpuShares =3D virCgroupV2SetCpuShares, .getCpuShares =3D virCgroupV2GetCpuShares, --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list