From 4cf3b3d335b83b5feb49e71775b6a8f1fddbbce9 Mon Sep 17 00:00:00 2001 Message-Id: <4cf3b3d335b83b5feb49e71775b6a8f1fddbbce9@dist-git> From: Pavel Hrdina Date: Mon, 1 Jul 2019 17:06:55 +0200 Subject: [PATCH] vircgroup: extract virCgroupV1(Allow|Deny)AllDevices MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Fabiano Fidêncio Reviewed-by: Ján Tomko Signed-off-by: Pavel Hrdina (cherry picked from commit fd9a0368b91c425f860115c0451067ee917574d1) Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1689297 Signed-off-by: Pavel Hrdina Message-Id: Reviewed-by: Ján Tomko --- src/util/vircgroup.c | 18 ++---------------- src/util/vircgroupbackend.h | 9 +++++++++ src/util/vircgroupv1.c | 31 +++++++++++++++++++++++++++++++ 3 files changed, 42 insertions(+), 16 deletions(-) diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c index a30fc6241d..67c68f3dc6 100644 --- a/src/util/vircgroup.c +++ b/src/util/vircgroup.c @@ -1822,10 +1822,7 @@ virCgroupGetCpusetCpus(virCgroupPtr group, char **cpus) int virCgroupDenyAllDevices(virCgroupPtr group) { - return virCgroupSetValueStr(group, - VIR_CGROUP_CONTROLLER_DEVICES, - "devices.deny", - "a"); + VIR_CGROUP_BACKEND_CALL(group, denyAllDevices, -1); } /** @@ -1845,18 +1842,7 @@ virCgroupDenyAllDevices(virCgroupPtr group) int virCgroupAllowAllDevices(virCgroupPtr group, int perms) { - int ret = -1; - - if (virCgroupAllowDevice(group, 'b', -1, -1, perms) < 0) - goto cleanup; - - if (virCgroupAllowDevice(group, 'c', -1, -1, perms) < 0) - goto cleanup; - - ret = 0; - - cleanup: - return ret; + VIR_CGROUP_BACKEND_CALL(group, allowAllDevices, -1, perms); } diff --git a/src/util/vircgroupbackend.h b/src/util/vircgroupbackend.h index 04897b5895..436c83f6fa 100644 --- a/src/util/vircgroupbackend.h +++ b/src/util/vircgroupbackend.h @@ -269,6 +269,13 @@ typedef int int minor, int perms); +typedef int +(*virCgroupAllowAllDevicesCB)(virCgroupPtr group, + int perms); + +typedef int +(*virCgroupDenyAllDevicesCB)(virCgroupPtr group); + struct _virCgroupBackend { virCgroupBackendType type; @@ -321,6 +328,8 @@ struct _virCgroupBackend { virCgroupAllowDeviceCB allowDevice; virCgroupDenyDeviceCB denyDevice; + virCgroupAllowAllDevicesCB allowAllDevices; + virCgroupDenyAllDevicesCB denyAllDevices; }; typedef struct _virCgroupBackend virCgroupBackend; typedef virCgroupBackend *virCgroupBackendPtr; diff --git a/src/util/vircgroupv1.c b/src/util/vircgroupv1.c index 02cd7ab956..34393812d2 100644 --- a/src/util/vircgroupv1.c +++ b/src/util/vircgroupv1.c @@ -1737,6 +1737,35 @@ virCgroupV1DenyDevice(virCgroupPtr group, } +static int +virCgroupV1AllowAllDevices(virCgroupPtr group, + int perms) +{ + int ret = -1; + + if (virCgroupV1AllowDevice(group, 'b', -1, -1, perms) < 0) + goto cleanup; + + if (virCgroupV1AllowDevice(group, 'c', -1, -1, perms) < 0) + goto cleanup; + + ret = 0; + + cleanup: + return ret; +} + + +static int +virCgroupV1DenyAllDevices(virCgroupPtr group) +{ + return virCgroupSetValueStr(group, + VIR_CGROUP_CONTROLLER_DEVICES, + "devices.deny", + "a"); +} + + virCgroupBackend virCgroupV1Backend = { .type = VIR_CGROUP_BACKEND_TYPE_V1, @@ -1787,6 +1816,8 @@ virCgroupBackend virCgroupV1Backend = { .allowDevice = virCgroupV1AllowDevice, .denyDevice = virCgroupV1DenyDevice, + .allowAllDevices = virCgroupV1AllowAllDevices, + .denyAllDevices = virCgroupV1DenyAllDevices, }; -- 2.22.0