[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH v2 00/17] implement cgroups v2 devices support



In cgroups v2 there is no devices controller, BPF should be used
instead.

Changes in v2:
    - fixed build on bsd and older kernels without cgroup BPF
    - cgroup bpf devices code moved to separate file

Documentation for eBPF:

<http://man7.org/linux/man-pages/man2/bpf.2.html>
<https://www.kernel.org/doc/Documentation/networking/filter.txt>
<https://docs.cilium.io/en/v1.3/bpf/>

Pavel Hrdina (17):
  util: introduce virbpf helpers
  vircgroup: introduce virCgroupV2DevicesAvailable
  vircgroup: introduce virCgroupV2DevicesAttachProg
  vircgroup: introduce virCgroupV2DevicesDetectProg
  vircgroup: introduce virCgroupV2DevicesCreateProg
  vircgroup: introduce virCgroupV2DevicesPrepareProg
  vircgroup: introduce virCgroupV2DevicesRemoveProg
  vircgroup: introduce virCgroupV2DeviceGetPerms
  vircgroup: introduce virCgroupV2DevicesGetKey
  vircgroup: introduce virCgroupV2AllowDevice
  vircgroup: introduce virCgroupV2DenyDevice
  vircgroup: introduce virCgroupV2AllowAllDevices
  vircgroup: introduce virCgroupV2DenyAllDevices
  vircgroup: workaround devices in hybrid mode
  vircgroupv2: detech BPF program before removing cgroup
  vircgroupv2: use dummy process to workaround kernel bug with systemd
  vircgroupmock: mock virCgroupV2DevicesAvailable

 configure.ac                      |   6 +
 include/libvirt/virterror.h       |   1 +
 src/Makefile.am                   |   2 +
 src/libvirt_private.syms          |  27 ++
 src/lxc/lxc_cgroup.c              |   1 +
 src/qemu/qemu_cgroup.c            |   6 +-
 src/util/Makefile.inc.am          |   4 +
 src/util/virbpf.c                 | 437 +++++++++++++++++++++
 src/util/virbpf.h                 | 271 +++++++++++++
 src/util/vircgroup.c              |  19 +-
 src/util/vircgroup.h              |   1 +
 src/util/vircgroupbackend.h       |   3 +-
 src/util/vircgrouppriv.h          |  12 +
 src/util/vircgroupv1.c            |   9 +-
 src/util/vircgroupv2.c            | 119 +++++-
 src/util/vircgroupv2devices.c     | 625 ++++++++++++++++++++++++++++++
 src/util/vircgroupv2devices.h     |  57 +++
 src/util/virerror.c               |   1 +
 src/util/virsystemd.c             |   2 +-
 src/util/virsystemd.h             |   2 +
 tests/vircgroupdata/hybrid.parsed |   2 +-
 tests/vircgroupmock.c             |   7 +
 tests/vircgrouptest.c             |   4 +-
 23 files changed, 1608 insertions(+), 10 deletions(-)
 create mode 100644 src/util/virbpf.c
 create mode 100644 src/util/virbpf.h
 create mode 100644 src/util/vircgroupv2devices.c
 create mode 100644 src/util/vircgroupv2devices.h

-- 
2.20.1


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]