[libvirt] [PATCH v3 00/15] implement cgroups v2 support

Pavel Hrdina phrdina at redhat.com
Thu Apr 25 07:44:17 UTC 2019 

In cgroups v2 there is no devices controller, eBPF should be used
instead.

Changes in v3:
    - removed workaround for kernel bug [1]
    - added documentation how to get the eBPF program

Changes in v2:
    - fixed build on bsd and older kernels without cgroup BPF
    - cgroup bpf devices code moved to separate file

Documentation for eBPF:

<http://man7.org/linux/man-pages/man2/bpf.2.html>
<https://www.kernel.org/doc/Documentation/networking/filter.txt>
<https://docs.cilium.io/en/v1.3/bpf/>

[1] <https://bugzilla.redhat.com/show_bug.cgi?id=1656432>

Pavel Hrdina (15):
  util: introduce virbpf helpers
  vircgroup: introduce virCgroupV2DevicesAvailable
  vircgroup: introduce virCgroupV2DevicesAttachProg
  vircgroup: introduce virCgroupV2DevicesDetectProg
  vircgroup: introduce virCgroupV2DevicesCreateProg
  vircgroup: introduce virCgroupV2DevicesPrepareProg
  vircgroup: introduce virCgroupV2DevicesRemoveProg
  vircgroup: introduce virCgroupV2DeviceGetPerms
  vircgroup: introduce virCgroupV2DevicesGetKey
  vircgroup: introduce virCgroupV2AllowDevice
  vircgroup: introduce virCgroupV2DenyDevice
  vircgroup: introduce virCgroupV2AllowAllDevices
  vircgroup: introduce virCgroupV2DenyAllDevices
  vircgroup: workaround devices in hybrid mode
  vircgroupmock: mock virCgroupV2DevicesAvailable

 configure.ac                      |   6 +
 include/libvirt/virterror.h       |   2 +
 src/Makefile.am                   |   2 +
 src/libvirt_private.syms          |  26 ++
 src/util/Makefile.inc.am          |   4 +
 src/util/virbpf.c                 | 438 +++++++++++++++++++
 src/util/virbpf.h                 | 259 ++++++++++++
 src/util/vircgroup.c              |   3 +-
 src/util/vircgroupbackend.h       |   3 +-
 src/util/vircgrouppriv.h          |  10 +
 src/util/vircgroupv1.c            |   9 +-
 src/util/vircgroupv2.c            | 117 +++++-
 src/util/vircgroupv2devices.c     | 670 ++++++++++++++++++++++++++++++
 src/util/vircgroupv2devices.h     |  57 +++
 src/util/virerror.c               |   2 +
 tests/vircgroupdata/hybrid.parsed |   2 +-
 tests/vircgroupmock.c             |   7 +
 tests/vircgrouptest.c             |   4 +-
 18 files changed, 1613 insertions(+), 8 deletions(-)
 create mode 100644 src/util/virbpf.c
 create mode 100644 src/util/virbpf.h
 create mode 100644 src/util/vircgroupv2devices.c
 create mode 100644 src/util/vircgroupv2devices.h

-- 
2.20.1

More information about the libvir-list mailing list