[libvirt PATCH] vircgroupv2: fix virCgroupV2DenyDevice
Michal Privoznik
mprivozn at redhat.com
Mon Nov 30 13:37:24 UTC 2020
On 11/30/20 8:22 AM, Pavel Hrdina wrote:
> The original logic is incorrect. We would delete the device entry
> from eBPF map only if the newval would be same as current val in the
> map. In case that the device was allowed only as read-only but later
> we remove all permissions for that device it would remain in the table
> with empty values.
>
> The old code would still deny the device but it's not working as
> intended. Instead we will update the value in advance. If the updated
> value is 0 it means that we are removing all permissions so it should
> be removed from the map, otherwise we will update the value in map.
>
> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1810356
>
> Signed-off-by: Pavel Hrdina <phrdina at redhat.com>
> ---
> src/util/vircgroupv2.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
Reviewed-by: Michal Privoznik <mprivozn at redhat.com>
Michal
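
The case from the commit message (device allowed read-only, then all permissions denied), as an added example that is not libvirt's code. It is a one-slot model of the map entry, with hypothetical permission bits and function names, comparing the old delete condition as the message describes it with the fixed one.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical permission bits; the real values are not shown in the mail. */
enum { PERM_R = 1, PERM_W = 2, PERM_M = 4, PERM_ALL = 7 };

/* One-slot stand-in for the eBPF map entry of a single device. */
struct dev_entry { bool present; unsigned val; };

/* Old behaviour as described: delete only when the denied mask equals
 * the stored value, otherwise store whatever permissions remain. */
static void deny_old(struct dev_entry *e, unsigned deny)
{
    if (!e->present)
        return;
    if (deny == e->val)
        e->present = false;
    else
        e->val &= ~deny;
}

/* Fixed behaviour: compute the remaining permissions first, delete on 0. */
static void deny_fixed(struct dev_entry *e, unsigned deny)
{
    if (!e->present)
        return;
    unsigned left = e->val & ~deny;
    if (left == 0)
        e->present = false;
    else
        e->val = left;
}

/* Returns true if an entry with no permissions is left behind in the map. */
static bool leaves_empty_entry(void (*deny_fn)(struct dev_entry *, unsigned),
                               unsigned allowed, unsigned deny)
{
    struct dev_entry e = { true, allowed };
    deny_fn(&e, deny);
    return e.present && e.val == 0;
}

int main(void)
{
    printf("old:   %d\n", leaves_empty_entry(deny_old, PERM_R, PERM_ALL));
    printf("fixed: %d\n", leaves_empty_entry(deny_fixed, PERM_R, PERM_ALL));
    return 0;
}
```

In both variants access ends up denied; the difference is the stale zero-valued entry, which matters wherever entries are counted or the map has a fixed capacity.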