[libvirt] [PATCH 34/47] vircgroup: extract virCgroupV1(Allow|Deny)Device

Fabiano Fidêncio fidencio at redhat.com
Thu Sep 20 06:30:45 UTC 2018


On Tue, Sep 18, 2018 at 5:45 PM, Pavel Hrdina <phrdina at redhat.com> wrote:

> Signed-off-by: Pavel Hrdina <phrdina at redhat.com>
>

Reviewed-by: Fabiano Fidêncio <fidencio at redhat.com>


> ---
>  src/util/vircgroup.c        | 68 +++++++-----------------------------
>  src/util/vircgroupbackend.h | 17 +++++++++
>  src/util/vircgroupv1.c      | 69 +++++++++++++++++++++++++++++++++++++
>  3 files changed, 98 insertions(+), 56 deletions(-)
>
> diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
> index 38a30b759f..8a54437dfa 100644
> --- a/src/util/vircgroup.c
> +++ b/src/util/vircgroup.c
> @@ -1877,29 +1877,7 @@ int
>  virCgroupAllowDevice(virCgroupPtr group, char type, int major, int minor,
>                       int perms)
>  {
> -    VIR_AUTOFREE(char *) devstr = NULL;
> -    VIR_AUTOFREE(char *) majorstr = NULL;
> -    VIR_AUTOFREE(char *) minorstr = NULL;
> -
> -    if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||
> -        (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))
> -        return -1;
> -
> -    if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||
> -        (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))
> -        return -1;
> -
> -    if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,
> -                    virCgroupGetDevicePermsString(perms)) < 0)
> -        return -1;
> -
> -    if (virCgroupSetValueStr(group,
> -                             VIR_CGROUP_CONTROLLER_DEVICES,
> -                             "devices.allow",
> -                             devstr) < 0)
> -        return -1;
> -
> -    return 0;
> +    VIR_CGROUP_BACKEND_CALL(group, allowDevice, -1, type, major, minor,
> perms);
>  }
>
>
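Review bot: `type` is handed to the backend unchecked here, and in the v1 backend added by this patch it is formatted with `%c` straight into the rule written to `devices.allow`. The callers visible in this patch pass only 'c' or 'b'; to my knowledge the cgroup v1 devices controller treats type 'a' as "all devices" and disregards the major:minor that follows, so a stray 'a' would produce a much wider rule than the arguments suggest. If no caller depends on 'a', a guard ahead of the dispatch such as `if (type != 'b' && type != 'c') return -1;` (with the project's usual error report) would make every backend fail closed. The same applies to virCgroupDenyDevice in the third hunk of this file. VIR_CGROUP_BACKEND_CALL is defined outside this patch, so how it returns is not visible here.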
> @@ -1938,11 +1916,11 @@ virCgroupAllowDevicePath(virCgroupPtr group,
>      if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode))
>          return 1;
>
> -    return virCgroupAllowDevice(group,
> -                                S_ISCHR(sb.st_mode) ? 'c' : 'b',
> -                                major(sb.st_rdev),
> -                                minor(sb.st_rdev),
> -                                perms);
> +    VIR_CGROUP_BACKEND_CALL(group, allowDevice, -1,
> +                            S_ISCHR(sb.st_mode) ? 'c' : 'b',
> +                            major(sb.st_rdev),
> +                            minor(sb.st_rdev),
> +                            perms);
>  }
>
>
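Review bot: Dispatching to the backend directly instead of calling virCgroupAllowDevice means the path variant no longer goes through the public wrapper, so any argument check or logging added there later will silently not cover devices allowed by path. Unless VIR_CGROUP_BACKEND_CALL cannot be nested for a reason not visible in this patch, keeping `return virCgroupAllowDevice(group, S_ISCHR(sb.st_mode) ? 'c' : 'b', major(sb.st_rdev), minor(sb.st_rdev), perms);` leaves a single dispatch point. virCgroupDenyDevicePath in the last hunk of this file has the same shape. The function starts outside the hunk, so the code that fills `sb` is not reviewed here.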
> @@ -1961,29 +1939,7 @@ int
>  virCgroupDenyDevice(virCgroupPtr group, char type, int major, int minor,
>                      int perms)
>  {
> -    VIR_AUTOFREE(char *) devstr = NULL;
> -    VIR_AUTOFREE(char *) majorstr = NULL;
> -    VIR_AUTOFREE(char *) minorstr = NULL;
> -
> -    if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||
> -        (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))
> -        return -1;
> -
> -    if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||
> -        (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))
> -        return -1;
> -
> -    if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,
> -                    virCgroupGetDevicePermsString(perms)) < 0)
> -        return -1;
> -
> -    if (virCgroupSetValueStr(group,
> -                             VIR_CGROUP_CONTROLLER_DEVICES,
> -                             "devices.deny",
> -                             devstr) < 0)
> -        return -1;
> -
> -    return 0;
> +    VIR_CGROUP_BACKEND_CALL(group, denyDevice, -1, type, major, minor,
> perms);
>  }
>
>
> @@ -2022,11 +1978,11 @@ virCgroupDenyDevicePath(virCgroupPtr group,
>      if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode))
>          return 1;
>
> -    return virCgroupDenyDevice(group,
> -                               S_ISCHR(sb.st_mode) ? 'c' : 'b',
> -                               major(sb.st_rdev),
> -                               minor(sb.st_rdev),
> -                               perms);
> +    VIR_CGROUP_BACKEND_CALL(group, denyDevice, -1,
> +                            S_ISCHR(sb.st_mode) ? 'c' : 'b',
> +                            major(sb.st_rdev),
> +                            minor(sb.st_rdev),
> +                            perms);
>  }
>
>
> diff --git a/src/util/vircgroupbackend.h b/src/util/vircgroupbackend.h
> index f5454e41f7..d7250cffdb 100644
> --- a/src/util/vircgroupbackend.h
> +++ b/src/util/vircgroupbackend.h
> @@ -247,6 +247,20 @@ typedef int
>  (*virCgroupGetMemSwapUsageCB)(virCgroupPtr group,
>                                unsigned long long *kb);
>
> +typedef int
> +(*virCgroupAllowDeviceCB)(virCgroupPtr group,
> +                          char type,
> +                          int major,
> +                          int minor,
> +                          int perms);
> +
> +typedef int
> +(*virCgroupDenyDeviceCB)(virCgroupPtr group,
> +                         char type,
> +                         int major,
> +                         int minor,
> +                         int perms);
> +
>  struct _virCgroupBackend {
>      virCgroupBackendType type;
>
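Review bot: The two new callback typedefs carry no statement of their contract, although the v1 implementation in this patch depends on one: a negative `major` or `minor` is written as the `*` wildcard, and the result is 0 on success and -1 on failure. A backend written later against the bare prototype could handle a negative number differently and end up with a narrower or wider device rule than the caller intended. I would add a comment above each typedef, for example `/* major/minor < 0 match every device number of the given type; returns 0 on success, -1 on error */`.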
> @@ -296,6 +310,9 @@ struct _virCgroupBackend {
>      virCgroupSetMemSwapHardLimitCB setMemSwapHardLimit;
>      virCgroupGetMemSwapHardLimitCB getMemSwapHardLimit;
>      virCgroupGetMemSwapUsageCB getMemSwapUsage;
> +
> +    virCgroupAllowDeviceCB allowDevice;
> +    virCgroupDenyDeviceCB denyDevice;
>  };
>  typedef struct _virCgroupBackend virCgroupBackend;
>  typedef virCgroupBackend *virCgroupBackendPtr;
> diff --git a/src/util/vircgroupv1.c b/src/util/vircgroupv1.c
> index 936cf1b1f5..9ac0ef555c 100644
> --- a/src/util/vircgroupv1.c
> +++ b/src/util/vircgroupv1.c
> @@ -1665,6 +1665,72 @@ virCgroupV1GetMemSwapUsage(virCgroupPtr group,
>  }
>
>
> +static int
> +virCgroupV1AllowDevice(virCgroupPtr group,
> +                       char type,
> +                       int major,
> +                       int minor,
> +                       int perms)
> +{
> +    VIR_AUTOFREE(char *) devstr = NULL;
> +    VIR_AUTOFREE(char *) majorstr = NULL;
> +    VIR_AUTOFREE(char *) minorstr = NULL;
> +
> +    if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||
> +        (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))
> +        return -1;
> +
> +    if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||
> +        (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))
> +        return -1;
> +
> +    if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,
> +                    virCgroupGetDevicePermsString(perms)) < 0)
> +        return -1;
> +
> +    if (virCgroupSetValueStr(group,
> +                             VIR_CGROUP_CONTROLLER_DEVICES,
> +                             "devices.allow",
> +                             devstr) < 0)
> +        return -1;
> +
> +    return 0;
> +}
> +
> +
> +static int
> +virCgroupV1DenyDevice(virCgroupPtr group,
> +                      char type,
> +                      int major,
> +                      int minor,
> +                      int perms)
> +{
> +    VIR_AUTOFREE(char *) devstr = NULL;
> +    VIR_AUTOFREE(char *) majorstr = NULL;
> +    VIR_AUTOFREE(char *) minorstr = NULL;
> +
> +    if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||
> +        (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))
> +        return -1;
> +
> +    if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||
> +        (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))
> +        return -1;
> +
> +    if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,
> +                    virCgroupGetDevicePermsString(perms)) < 0)
> +        return -1;
> +
> +    if (virCgroupSetValueStr(group,
> +                             VIR_CGROUP_CONTROLLER_DEVICES,
> +                             "devices.deny",
> +                             devstr) < 0)
> +        return -1;
> +
> +    return 0;
> +}
> +
> +
>  virCgroupBackend virCgroupV1Backend = {
>      .type = VIR_CGROUP_BACKEND_TYPE_V1,
>
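Review bot: virCgroupV1AllowDevice and virCgroupV1DenyDevice are identical except for the file name passed to virCgroupSetValueStr (`devices.allow` against `devices.deny`), so the rule formatting now exists twice in this file. Allow and deny rules are meant to share one syntax, and a later fix applied to only one copy would leave the two out of step. A shared static helper that takes the file name keeps them in lockstep and gives one place to document that a negative major or minor becomes the `*` wildcard; the helper name below is only a suggestion.

```c
/* Shared by the allow and deny callbacks. A negative major or minor is
 * written as "*", so the rule then covers every device number of @type. */
static int
virCgroupV1SetDeviceRule(virCgroupPtr group,
                         const char *key,
                         char type,
                         int major,
                         int minor,
                         int perms)
{
    /* … unchanged: majorstr / minorstr / devstr formatting … */

    if (virCgroupSetValueStr(group,
                             VIR_CGROUP_CONTROLLER_DEVICES,
                             key,
                             devstr) < 0)
        return -1;

    return 0;
}


static int
virCgroupV1AllowDevice(virCgroupPtr group,
                       char type,
                       int major,
                       int minor,
                       int perms)
{
    return virCgroupV1SetDeviceRule(group, "devices.allow",
                                    type, major, minor, perms);
}


static int
virCgroupV1DenyDevice(virCgroupPtr group,
                      char type,
                      int major,
                      int minor,
                      int perms)
{
    return virCgroupV1SetDeviceRule(group, "devices.deny",
                                    type, major, minor, perms);
}
```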
> @@ -1712,6 +1778,9 @@ virCgroupBackend virCgroupV1Backend = {
>      .setMemSwapHardLimit = virCgroupV1SetMemSwapHardLimit,
>      .getMemSwapHardLimit = virCgroupV1GetMemSwapHardLimit,
>      .getMemSwapUsage = virCgroupV1GetMemSwapUsage,
> +
> +    .allowDevice = virCgroupV1AllowDevice,
> +    .denyDevice = virCgroupV1DenyDevice,
>  };
>
>
> --
> 2.17.1
>