<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Sep 18, 2018 at 5:45 PM, Pavel Hrdina <span dir="ltr"><<a href="mailto:phrdina@redhat.com" target="_blank">phrdina@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Signed-off-by: Pavel Hrdina <<a href="mailto:phrdina@redhat.com" target="_blank">phrdina@redhat.com</a>><br></blockquote><div><br></div><div>Reviewed-by: Fabiano Fidêncio <<a href="mailto:fidencio@redhat.com" target="_blank">fidencio@redhat.com</a>><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
---<br>
 src/util/vircgroup.c        | 18 ++----------------<br>
 src/util/vircgroupbackend.h |  9 +++++++++<br>
 src/util/vircgroupv1.c      | 31 ++++++++++++++++++++++++++++++<wbr>+<br>
 3 files changed, 42 insertions(+), 16 deletions(-)<br>
<br>
diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c<br>
index 8a54437dfa..ca36984472 100644<br>
--- a/src/util/vircgroup.c<br>
+++ b/src/util/vircgroup.c<br>
@@ -1824,10 +1824,7 @@ virCgroupGetCpusetCpus(virCgro<wbr>upPtr group, char **cpus)<br>
 int<br>
 virCgroupDenyAllDevices(virCg<wbr>roupPtr group)<br>
 {<br>
-    return virCgroupSetValueStr(group,<br>
-                                VIR_CGROUP_CONTROLLER_DEVICES,<br>
-                                "devices.deny",<br>
-                                "a");<br>
+    VIR_CGROUP_BACKEND_CALL(group, denyAllDevices, -1);<br>
 }<br>
<br>
 /**<br>
@@ -1847,18 +1844,7 @@ virCgroupDenyAllDevices(virCgr<wbr>oupPtr group)<br>
 int<br>
 virCgroupAllowAllDevices(virC<wbr>groupPtr group, int perms)<br>
 {<br>
-    int ret = -1;<br>
-<br>
-    if (virCgroupAllowDevice(group, 'b', -1, -1, perms) < 0)<br>
-        goto cleanup;<br>
-<br>
-    if (virCgroupAllowDevice(group, 'c', -1, -1, perms) < 0)<br>
-        goto cleanup;<br>
-<br>
-    ret = 0;<br>
-<br>
- cleanup:<br>
-    return ret;<br>
+    VIR_CGROUP_BACKEND_CALL(group, allowAllDevices, -1, perms);<br>
 }<br>
<br>
<br>
diff --git a/src/util/vircgroupbackend.h b/src/util/vircgroupbackend.h<br>
index d7250cffdb..ce165fead4 100644<br>
--- a/src/util/vircgroupbackend.h<br>
+++ b/src/util/vircgroupbackend.h<br>
@@ -261,6 +261,13 @@ typedef int<br>
                          int minor,<br>
                          int perms);<br>
<br>
+typedef int<br>
+(*virCgroupAllowAllDevicesCB)<wbr>(virCgroupPtr group,<br>
+                              int perms);<br>
+<br>
+typedef int<br>
+(*virCgroupDenyAllDevicesCB)(<wbr>virCgroupPtr group);<br>
+<br>
 struct _virCgroupBackend {<br>
     virCgroupBackendType type;<br>
<br>
@@ -313,6 +320,8 @@ struct _virCgroupBackend {<br>
<br>
     virCgroupAllowDeviceCB allowDevice;<br>
     virCgroupDenyDeviceCB denyDevice;<br>
+    virCgroupAllowAllDevicesCB allowAllDevices;<br>
+    virCgroupDenyAllDevicesCB denyAllDevices;<br>
 };<br>
 typedef struct _virCgroupBackend virCgroupBackend;<br>
 typedef virCgroupBackend *virCgroupBackendPtr;<br>
diff --git a/src/util/vircgroupv1.c b/src/util/vircgroupv1.c<br>
index 9ac0ef555c..bd6914f878 100644<br>
--- a/src/util/vircgroupv1.c<br>
+++ b/src/util/vircgroupv1.c<br>
@@ -1731,6 +1731,35 @@ virCgroupV1DenyDevice(virCgrou<wbr>pPtr group,<br>
 }<br>
<br>
<br>
+static int<br>
+virCgroupV1AllowAllDevices(vi<wbr>rCgroupPtr group,<br>
+                           int perms)<br>
+{<br>
+    int ret = -1;<br>
+<br>
+    if (virCgroupV1AllowDevice(group, 'b', -1, -1, perms) < 0)<br>
+        goto cleanup;<br>
+<br>
+    if (virCgroupV1AllowDevice(group, 'c', -1, -1, perms) < 0)<br>
+        goto cleanup;<br>
+<br>
+    ret = 0;<br>
+<br>
+ cleanup:<br>
+    return ret;<br>
+}<br>
+<br>
+<br>
+static int<br>
+virCgroupV1DenyAllDevices(vir<wbr>CgroupPtr group)<br>
+{<br>
+    return virCgroupSetValueStr(group,<br>
+                                VIR_CGROUP_CONTROLLER_DEVICES,<br>
+                                "devices.deny",<br>
+                                "a");<br>
+}<br>
+<br>
+<br>
 virCgroupBackend virCgroupV1Backend = {<br>
     .type = VIR_CGROUP_BACKEND_TYPE_V1,<br>
<br>
@@ -1781,6 +1810,8 @@ virCgroupBackend virCgroupV1Backend = {<br>
<br>
     .allowDevice = virCgroupV1AllowDevice,<br>
     .denyDevice = virCgroupV1DenyDevice,<br>
+    .allowAllDevices = virCgroupV1AllowAllDevices,<br>
+    .denyAllDevices = virCgroupV1DenyAllDevices,<br>
 };<br>
<span class="m_-3136475836031529930HOEnZb"><font color="#888888"> <br>
<br>
-- <br>
2.17.1<br>
<br>
--<br>
libvir-list mailing list<br>
<a href="mailto:libvir-list@redhat.com" target="_blank">libvir-list@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/libvir-list" rel="noreferrer" target="_blank">https://www.redhat.com/mailman<wbr>/listinfo/libvir-list</a><br>
</font></span></blockquote></div><br></div></div>