cgroup: determine when skipping non-devices

* src/util/cgroup.c (virCgroupAllowDevicePath) (virCgroupDenyDevicePath): Don't fail with EINVAL for non-devices. * src/qemu/qemu_driver.c (qemudDomainSaveFlag): Update caller. * src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow) (qemuSetupChardevCgroup, qemuSetupHostUsbDeviceCgroup) (qemuSetupCgroup, qemuTeardownDiskPathDeny): Likewise.

cgroup: determine when skipping non-devices
* src/util/cgroup.c (virCgroupAllowDevicePath) (virCgroupDenyDevicePath): Don't fail with EINVAL for non-devices. * src/qemu/qemu_driver.c (qemudDomainSaveFlag): Update caller. * src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow) (qemuSetupChardevCgroup, qemuSetupHostUsbDeviceCgroup) (qemuSetupCgroup, qemuTeardownDiskPathDeny): Likewise.
06173876 · Eric Blake · fd21ecfd · 06173876 · 06173876 · 06173876
隐藏空白更改
内联并排

Showing with 13 addition and 18 deletion

src/qemu/qemu_cgroup.c src/qemu/qemu_cgroup.c +6 -12

src/qemu/qemu_driver.c src/qemu/qemu_driver.c +3 -3

src/util/cgroup.c src/util/cgroup.c +4 -3

未找到文件。
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -66,11 +66,8 @@ int qemuSetupDiskPathAllow(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
    VIR_DEBUG("Process path %s for disk", path);
    /* XXX RO vs RW */
    rc = virCgroupAllowDevicePath(cgroup, path);
-    if (rc != 0) {
+    if (rc < 0) {
-        /* Get this for non-block devices */
+        if (rc == -EACCES) { /* Get this for root squash NFS */
-        if (rc == -EINVAL) {
-            VIR_DEBUG("Ignoring EINVAL for %s", path);
-        } else if (rc == -EACCES) { /* Get this for root squash NFS */
            VIR_DEBUG("Ignoring EACCES for %s", path);
        } else {
            virReportSystemError(-rc,
@@ -106,11 +103,8 @@ int qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
    VIR_DEBUG("Process path %s for disk", path);
    /* XXX RO vs RW */
    rc = virCgroupDenyDevicePath(cgroup, path);
-    if (rc != 0) {
+    if (rc < 0) {
-        /* Get this for non-block devices */
+        if (rc == -EACCES) { /* Get this for root squash NFS */
-        if (rc == -EINVAL) {
-            VIR_DEBUG("Ignoring EINVAL for %s", path);
-        } else if (rc == -EACCES) { /* Get this for root squash NFS */
            VIR_DEBUG("Ignoring EACCES for %s", path);
        } else {
            virReportSystemError(-rc,
@@ -148,7 +142,7 @@ int qemuSetupChardevCgroup(virDomainDefPtr def,
    VIR_DEBUG("Process path '%s' for disk", dev->source.data.file.path);
    rc = virCgroupAllowDevicePath(cgroup, dev->source.data.file.path);
-    if (rc != 0) {
+    if (rc < 0) {
        virReportSystemError(-rc,
                             _("Unable to allow device %s for %s"),
                             dev->source.data.file.path, def->name);
@@ -168,7 +162,7 @@ int qemuSetupHostUsbDeviceCgroup(usbDevice *dev ATTRIBUTE_UNUSED,
    VIR_DEBUG("Process path '%s' for USB device", path);
    rc = virCgroupAllowDevicePath(cgroup, path);
-    if (rc != 0) {
+    if (rc < 0) {
        virReportSystemError(-rc,
                             _("Unable to allow device %s"),
                             path);

--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -1962,7 +1962,7 @@ static int qemudDomainSaveFlag(struct qemud_driver *driver, virDomainPtr dom,
            goto endjob;
        }
        rc = virCgroupAllowDevicePath(cgroup, path);
-        if (rc != 0) {
+        if (rc < 0) {
            virReportSystemError(-rc,
                                 _("Unable to allow device %s for %s"),
                                 path, vm->def->name);
@@ -2011,7 +2011,7 @@ static int qemudDomainSaveFlag(struct qemud_driver *driver, virDomainPtr dom,
    if (cgroup != NULL) {
        rc = virCgroupDenyDevicePath(cgroup, path);
-        if (rc != 0)
+        if (rc < 0)
            VIR_WARN("Unable to deny device %s for %s %d",
                     path, vm->def->name, rc);
    }
@@ -2042,7 +2042,7 @@ endjob:
            if (cgroup != NULL) {
                rc = virCgroupDenyDevicePath(cgroup, path);
-                if (rc != 0)
+                if (rc < 0)
                    VIR_WARN("Unable to deny device %s for %s: %d",
                             path, vm->def->name, rc);
            }

--- a/src/util/cgroup.c
+++ b/src/util/cgroup.c
@@ -1146,7 +1146,8 @@ int virCgroupAllowDeviceMajor(virCgroupPtr group, char type, int major)
 * Queries the type of device and its major/minor number, and
 * adds that to the cgroup ACL
 *
- * Returns: 0 on success
+ * Returns: 0 on success, 1 if path exists but is not a device, or
+ * negative errno value on failure
 */
 #if defined(major) && defined(minor)
 int virCgroupAllowDevicePath(virCgroupPtr group, const char *path)
@@ -1157,7 +1158,7 @@ int virCgroupAllowDevicePath(virCgroupPtr group, const char *path)
        return -errno;
    if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode))
-        return -EINVAL;
+        return 1;
    return virCgroupAllowDevice(group,
                                S_ISCHR(sb.st_mode) ? 'c' : 'b',
@@ -1241,7 +1242,7 @@ int virCgroupDenyDevicePath(virCgroupPtr group, const char *path)
        return -errno;
    if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode))
-        return -EINVAL;
+        return 1;
    return virCgroupDenyDevice(group,
                               S_ISCHR(sb.st_mode) ? 'c' : 'b',