提交 285aefb3 编写于 作者: P Pavel Hrdina

vircgroup: introduce virCgroupV2AllowAllDevices

If we want to allow all devices with all permissions, we need to replace
any existing program that has any rule configured; otherwise we just
need to add a new rule which will, for example, allow read access to all
devices.
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>
上级 d5b09ce5
...@@ -1807,6 +1807,23 @@ virCgroupV2DenyDevice(virCgroupPtr group, ...@@ -1807,6 +1807,23 @@ virCgroupV2DenyDevice(virCgroupPtr group,
} }
static int
virCgroupV2AllowAllDevices(virCgroupPtr group,
int perms)
{
if (virCgroupV2DevicesPrepareProg(group) < 0)
return -1;
if (group->unified.devices.count > 0 &&
perms == VIR_CGROUP_DEVICE_RWM &&
virCgroupV2DevicesCreateProg(group) < 0) {
return -1;
}
return virCgroupV2AllowDevice(group, 'a', -1, -1, perms);
}
virCgroupBackend virCgroupV2Backend = { virCgroupBackend virCgroupV2Backend = {
.type = VIR_CGROUP_BACKEND_TYPE_V2, .type = VIR_CGROUP_BACKEND_TYPE_V2,
...@@ -1858,6 +1875,7 @@ virCgroupBackend virCgroupV2Backend = { ...@@ -1858,6 +1875,7 @@ virCgroupBackend virCgroupV2Backend = {
.allowDevice = virCgroupV2AllowDevice, .allowDevice = virCgroupV2AllowDevice,
.denyDevice = virCgroupV2DenyDevice, .denyDevice = virCgroupV2DenyDevice,
.allowAllDevices = virCgroupV2AllowAllDevices,
.setCpuShares = virCgroupV2SetCpuShares, .setCpuShares = virCgroupV2SetCpuShares,
.getCpuShares = virCgroupV2GetCpuShares, .getCpuShares = virCgroupV2GetCpuShares,
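Review bot: virCgroupV2AllowAllDevices has no comment explaining why the `group->unified.devices.count > 0 && perms == VIR_CGROUP_DEVICE_RWM` branch calls virCgroupV2DevicesCreateProg, and that branch is the security-relevant part of the function. Going by the commit message it replaces the existing program, so previously configured per-device rules are dropped in favour of a wildcard grant. I would put a comment above the condition such as `/* Full RWM on all devices supersedes every existing rule: start from a fresh program instead of adding a wildcard entry next to the old ones. */`. A function comment should also say that for narrower perms the `'a', -1, -1` rule is added alongside the existing rules, and what device policy the group is left with if virCgroupV2AllowDevice fails after the program has already been replaced. The helpers are outside this hunk, so I cannot confirm whether that intermediate state denies all device access.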
......