<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Sep 18, 2018 at 5:45 PM, Pavel Hrdina <span dir="ltr"><<a href="mailto:phrdina@redhat.com" target="_blank">phrdina@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Signed-off-by: Pavel Hrdina <<a href="mailto:phrdina@redhat.com" target="_blank">phrdina@redhat.com</a>><br></blockquote><div><br></div><div>Reviewed-by: Fabiano Fidêncio <<a href="mailto:fidencio@redhat.com" target="_blank">fidencio@redhat.com</a>><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
---<br>
src/util/vircgroup.c | 68 +++++++-----------------------<wbr>------<br>
src/util/vircgroupbackend.h | 17 +++++++++<br>
src/util/vircgroupv1.c | 69 ++++++++++++++++++++++++++++++<wbr>+++++++<br>
3 files changed, 98 insertions(+), 56 deletions(-)<br>
<br>
diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c<br>
index 38a30b759f..8a54437dfa 100644<br>
--- a/src/util/vircgroup.c<br>
+++ b/src/util/vircgroup.c<br>
@@ -1877,29 +1877,7 @@ int<br>
virCgroupAllowDevice(virCgrou<wbr>pPtr group, char type, int major, int minor,<br>
int perms)<br>
{<br>
- VIR_AUTOFREE(char *) devstr = NULL;<br>
- VIR_AUTOFREE(char *) majorstr = NULL;<br>
- VIR_AUTOFREE(char *) minorstr = NULL;<br>
-<br>
- if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||<br>
- (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))<br>
- return -1;<br>
-<br>
- if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||<br>
- (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))<br>
- return -1;<br>
-<br>
- if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,<br>
- virCgroupGetDevicePermsString(<wbr>perms)) < 0)<br>
- return -1;<br>
-<br>
- if (virCgroupSetValueStr(group,<br>
- VIR_CGROUP_CONTROLLER_<wbr>DEVICES,<br>
- "devices.allow",<br>
- devstr) < 0)<br>
- return -1;<br>
-<br>
- return 0;<br>
+ VIR_CGROUP_BACKEND_CALL(group, allowDevice, -1, type, major, minor, perms);<br>
}<br>
<br>
<br>
@@ -1938,11 +1916,11 @@ virCgroupAllowDevicePath(virCg<wbr>roupPtr group,<br>
if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode))<br>
return 1;<br>
<br>
- return virCgroupAllowDevice(group,<br>
- S_ISCHR(sb.st_mode) ? 'c' : 'b',<br>
- major(sb.st_rdev),<br>
- minor(sb.st_rdev),<br>
- perms);<br>
+ VIR_CGROUP_BACKEND_CALL(group, allowDevice, -1,<br>
+ S_ISCHR(sb.st_mode) ? 'c' : 'b',<br>
+ major(sb.st_rdev),<br>
+ minor(sb.st_rdev),<br>
+ perms);<br>
}<br>
<br>
<br>
@@ -1961,29 +1939,7 @@ int<br>
virCgroupDenyDevice(virCgroup<wbr>Ptr group, char type, int major, int minor,<br>
int perms)<br>
{<br>
- VIR_AUTOFREE(char *) devstr = NULL;<br>
- VIR_AUTOFREE(char *) majorstr = NULL;<br>
- VIR_AUTOFREE(char *) minorstr = NULL;<br>
-<br>
- if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||<br>
- (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))<br>
- return -1;<br>
-<br>
- if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||<br>
- (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))<br>
- return -1;<br>
-<br>
- if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,<br>
- virCgroupGetDevicePermsString(<wbr>perms)) < 0)<br>
- return -1;<br>
-<br>
- if (virCgroupSetValueStr(group,<br>
- VIR_CGROUP_CONTROLLER_<wbr>DEVICES,<br>
- "devices.deny",<br>
- devstr) < 0)<br>
- return -1;<br>
-<br>
- return 0;<br>
+ VIR_CGROUP_BACKEND_CALL(group, denyDevice, -1, type, major, minor, perms);<br>
}<br>
<br>
<br>
@@ -2022,11 +1978,11 @@ virCgroupDenyDevicePath(virCgr<wbr>oupPtr group,<br>
if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode))<br>
return 1;<br>
<br>
- return virCgroupDenyDevice(group,<br>
- S_ISCHR(sb.st_mode) ? 'c' : 'b',<br>
- major(sb.st_rdev),<br>
- minor(sb.st_rdev),<br>
- perms);<br>
+ VIR_CGROUP_BACKEND_CALL(group, denyDevice, -1,<br>
+ S_ISCHR(sb.st_mode) ? 'c' : 'b',<br>
+ major(sb.st_rdev),<br>
+ minor(sb.st_rdev),<br>
+ perms);<br>
}<br>
<br>
<br>
diff --git a/src/util/vircgroupbackend.h b/src/util/vircgroupbackend.h<br>
index f5454e41f7..d7250cffdb 100644<br>
--- a/src/util/vircgroupbackend.h<br>
+++ b/src/util/vircgroupbackend.h<br>
@@ -247,6 +247,20 @@ typedef int<br>
(*virCgroupGetMemSwapUsageCB)<wbr>(virCgroupPtr group,<br>
unsigned long long *kb);<br>
<br>
+typedef int<br>
+(*virCgroupAllowDeviceCB)(vir<wbr>CgroupPtr group,<br>
+ char type,<br>
+ int major,<br>
+ int minor,<br>
+ int perms);<br>
+<br>
+typedef int<br>
+(*virCgroupDenyDeviceCB)(virC<wbr>groupPtr group,<br>
+ char type,<br>
+ int major,<br>
+ int minor,<br>
+ int perms);<br>
+<br>
struct _virCgroupBackend {<br>
virCgroupBackendType type;<br>
<br>
@@ -296,6 +310,9 @@ struct _virCgroupBackend {<br>
<wbr>virCgroupSetMemSwapHardLimitCB setMemSwapHardLimit;<br>
<wbr>virCgroupGetMemSwapHardLimitCB getMemSwapHardLimit;<br>
virCgroupGetMemSwapUsageCB getMemSwapUsage;<br>
+<br>
+ virCgroupAllowDeviceCB allowDevice;<br>
+ virCgroupDenyDeviceCB denyDevice;<br>
};<br>
typedef struct _virCgroupBackend virCgroupBackend;<br>
typedef virCgroupBackend *virCgroupBackendPtr;<br>
diff --git a/src/util/vircgroupv1.c b/src/util/vircgroupv1.c<br>
index 936cf1b1f5..9ac0ef555c 100644<br>
--- a/src/util/vircgroupv1.c<br>
+++ b/src/util/vircgroupv1.c<br>
@@ -1665,6 +1665,72 @@ virCgroupV1GetMemSwapUsage(vir<wbr>CgroupPtr group,<br>
}<br>
<br>
<br>
+static int<br>
+virCgroupV1AllowDevice(virCgr<wbr>oupPtr group,<br>
+ char type,<br>
+ int major,<br>
+ int minor,<br>
+ int perms)<br>
+{<br>
+ VIR_AUTOFREE(char *) devstr = NULL;<br>
+ VIR_AUTOFREE(char *) majorstr = NULL;<br>
+ VIR_AUTOFREE(char *) minorstr = NULL;<br>
+<br>
+ if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||<br>
+ (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))<br>
+ return -1;<br>
+<br>
+ if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||<br>
+ (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))<br>
+ return -1;<br>
+<br>
+ if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,<br>
+ virCgroupGetDevicePermsString(<wbr>perms)) < 0)<br>
+ return -1;<br>
+<br>
+ if (virCgroupSetValueStr(group,<br>
+ VIR_CGROUP_CONTROLLER_<wbr>DEVICES,<br>
+ "devices.allow",<br>
+ devstr) < 0)<br>
+ return -1;<br>
+<br>
+ return 0;<br>
+}<br>
+<br>
+<br>
+static int<br>
+virCgroupV1DenyDevice(virCgro<wbr>upPtr group,<br>
+ char type,<br>
+ int major,<br>
+ int minor,<br>
+ int perms)<br>
+{<br>
+ VIR_AUTOFREE(char *) devstr = NULL;<br>
+ VIR_AUTOFREE(char *) majorstr = NULL;<br>
+ VIR_AUTOFREE(char *) minorstr = NULL;<br>
+<br>
+ if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||<br>
+ (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))<br>
+ return -1;<br>
+<br>
+ if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||<br>
+ (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))<br>
+ return -1;<br>
+<br>
+ if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,<br>
+ virCgroupGetDevicePermsString(<wbr>perms)) < 0)<br>
+ return -1;<br>
+<br>
+ if (virCgroupSetValueStr(group,<br>
+ VIR_CGROUP_CONTROLLER_<wbr>DEVICES,<br>
+ "devices.deny",<br>
+ devstr) < 0)<br>
+ return -1;<br>
+<br>
+ return 0;<br>
+}<br>
+<br>
+<br>
virCgroupBackend virCgroupV1Backend = {<br>
.type = VIR_CGROUP_BACKEND_TYPE_V1,<br>
<br>
@@ -1712,6 +1778,9 @@ virCgroupBackend virCgroupV1Backend = {<br>
.setMemSwapHardLimit = virCgroupV1SetMemSwapHardLimit<wbr>,<br>
.getMemSwapHardLimit = virCgroupV1GetMemSwapHardLimit<wbr>,<br>
.getMemSwapUsage = virCgroupV1GetMemSwapUsage,<br>
+<br>
+ .allowDevice = virCgroupV1AllowDevice,<br>
+ .denyDevice = virCgroupV1DenyDevice,<br>
};<br>
<span class="m_-1845093955995350614HOEnZb"><font color="#888888"> <br>
<br>
-- <br>
2.17.1<br>
<br>
--<br>
libvir-list mailing list<br>
<a href="mailto:libvir-list@redhat.com" target="_blank">libvir-list@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/libvir-list" rel="noreferrer" target="_blank">https://www.redhat.com/mailman<wbr>/listinfo/libvir-list</a><br>
</font></span></blockquote></div><br></div></div>