Remove non-functional code for setting up non-root cgroups

The virCgroupNewDriver method had a 'bool privileged' param. If a false value was ever passed in, it would simply not work, since non-root users don't have any privileges to create new cgroups. Just delete this broken code entirely and make the QEMU driver skip cgroup setup in non-privileged mode Signed-off-by: N Daniel P. Berrange <berrange@redhat.com>

Remove non-functional code for setting up non-root cgroups
The virCgroupNewDriver method had a 'bool privileged' param. If a false value was ever passed in, it would simply not work, since non-root users don't have any privileges to create new cgroups. Just delete this broken code entirely and make the QEMU driver skip cgroup setup in non-privileged mode Signed-off-by: N Daniel P. Berrange <berrange@redhat.com>
767596bd · Daniel P. Berrange · db44eb1b · 767596bd · 767596bd · 767596bd
5 changed file
--- a/src/lxc/lxc_cgroup.c
+++ b/src/lxc/lxc_cgroup.c
@@ -580,7 +580,6 @@ virCgroupPtr virLXCCgroupCreate(virDomainDefPtr def, bool startup)
        }
    } else {
        rc = virCgroupNewDriver("lxc",
-                                true,
                                true,
                                -1,
                                &parent);

--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -223,6 +223,9 @@ int qemuInitCgroup(virQEMUDriverPtr driver,
    virCgroupPtr parent = NULL;
    virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);

+    if (!cfg->privileged)
+        goto done;
+
    virCgroupFree(&priv->cgroup);

    if (!vm->def->resource && startup) {
@@ -283,7 +286,6 @@ int qemuInitCgroup(virQEMUDriverPtr driver,
        }
    } else {
        rc = virCgroupNewDriver("qemu",
-                                cfg->privileged,
                                true,
                                cfg->cgroupControllers,
                                &parent);

--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -795,8 +795,7 @@ err:
    return rc;
 }

-static int virCgroupAppRoot(bool privileged,
-                            virCgroupPtr *group,
+static int virCgroupAppRoot(virCgroupPtr *group,
                            bool create,
                            int controllers)
 {
@@ -808,26 +807,7 @@ static int virCgroupAppRoot(bool privileged,
    if (rc != 0)
        return rc;

-    if (privileged) {
-        rc = virCgroupNew("libvirt", selfgrp, controllers, group);
-    } else {
-        char *rootname;
-        char *username;
-        username = virGetUserName(getuid());
-        if (!username) {
-            rc = -ENOMEM;
-            goto cleanup;
-        }
-        rc = virAsprintf(&rootname, "libvirt-%s", username);
-        VIR_FREE(username);
-        if (rc < 0) {
-            rc = -ENOMEM;
-            goto cleanup;
-        }
-
-        rc = virCgroupNew(rootname, selfgrp, controllers, group);
-        VIR_FREE(rootname);
-    }
+    rc = virCgroupNew("libvirt", selfgrp, controllers, group);
    if (rc != 0)
        goto cleanup;

@@ -1137,7 +1117,6 @@ int virCgroupNewPartition(const char *path ATTRIBUTE_UNUSED,
 */
 #if defined HAVE_MNTENT_H && defined HAVE_GETMNTENT_R
 int virCgroupNewDriver(const char *name,
-                       bool privileged,
                       bool create,
                       int controllers,
                       virCgroupPtr *group)
@@ -1145,7 +1124,7 @@ int virCgroupNewDriver(const char *name,
    int rc;
    virCgroupPtr rootgrp = NULL;

-    rc = virCgroupAppRoot(privileged, &rootgrp,
+    rc = virCgroupAppRoot(&rootgrp,
                          create, controllers);
    if (rc != 0)
        goto out;
@@ -1165,7 +1144,6 @@ out:
 }
 #else
 int virCgroupNewDriver(const char *name ATTRIBUTE_UNUSED,
-                       bool privileged ATTRIBUTE_UNUSED,
                       bool create ATTRIBUTE_UNUSED,
                       int controllers ATTRIBUTE_UNUSED,
                       virCgroupPtr *group ATTRIBUTE_UNUSED)

--- a/src/util/vircgroup.h
+++ b/src/util/vircgroup.h
@@ -51,7 +51,6 @@ int virCgroupNewPartition(const char *path,
    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);

 int virCgroupNewDriver(const char *name,
-                       bool privileged,
                       bool create,
                       int controllers,
                       virCgroupPtr *group)

--- a/tests/vircgrouptest.c
+++ b/tests/vircgrouptest.c
@@ -140,13 +140,13 @@ static int testCgroupNewForDriver(const void *args ATTRIBUTE_UNUSED)
        [VIR_CGROUP_CONTROLLER_BLKIO] = "/libvirt/lxc",
    };

-    if ((rv = virCgroupNewDriver("lxc", true, false, -1, &cgroup)) != -ENOENT) {
+    if ((rv = virCgroupNewDriver("lxc", false, -1, &cgroup)) != -ENOENT) {
        fprintf(stderr, "Unexpected found LXC cgroup: %d\n", -rv);
        goto cleanup;
    }

    /* Asking for impossible combination since CPU is co-mounted */
-    if ((rv = virCgroupNewDriver("lxc", true, true,
+    if ((rv = virCgroupNewDriver("lxc", true,
                                 (1 << VIR_CGROUP_CONTROLLER_CPU),
                                 &cgroup)) != -EINVAL) {
        fprintf(stderr, "Should not have created LXC cgroup: %d\n", -rv);
@@ -154,7 +154,7 @@ static int testCgroupNewForDriver(const void *args ATTRIBUTE_UNUSED)
    }

    /* Asking for impossible combination since devices is not mounted */
-    if ((rv = virCgroupNewDriver("lxc", true, true,
+    if ((rv = virCgroupNewDriver("lxc", true,
                                 (1 << VIR_CGROUP_CONTROLLER_DEVICES),
                                 &cgroup)) != -ENOENT) {
        fprintf(stderr, "Should not have created LXC cgroup: %d\n", -rv);
@@ -162,7 +162,7 @@ static int testCgroupNewForDriver(const void *args ATTRIBUTE_UNUSED)
    }

    /* Asking for small combination since devices is not mounted */
-    if ((rv = virCgroupNewDriver("lxc", true, true,
+    if ((rv = virCgroupNewDriver("lxc", true,
                                 (1 << VIR_CGROUP_CONTROLLER_CPU) |
                                 (1 << VIR_CGROUP_CONTROLLER_CPUACCT) |
                                 (1 << VIR_CGROUP_CONTROLLER_MEMORY),
@@ -173,7 +173,7 @@ static int testCgroupNewForDriver(const void *args ATTRIBUTE_UNUSED)
    ret = validateCgroup(cgroup, "libvirt/lxc", mountsSmall, placementSmall);
    virCgroupFree(&cgroup);

-    if ((rv = virCgroupNewDriver("lxc", true, true, -1, &cgroup)) != 0) {
+    if ((rv = virCgroupNewDriver("lxc", true, -1, &cgroup)) != 0) {
        fprintf(stderr, "Cannot create LXC cgroup: %d\n", -rv);
        goto cleanup;
    }
@@ -201,7 +201,7 @@ static int testCgroupNewForDriverDomain(const void *args ATTRIBUTE_UNUSED)
        [VIR_CGROUP_CONTROLLER_BLKIO] = "/libvirt/lxc/wibble",
    };

-    if ((rv = virCgroupNewDriver("lxc", true, false, -1, &drivercgroup)) != 0) {
+    if ((rv = virCgroupNewDriver("lxc", false, -1, &drivercgroup)) != 0) {
        fprintf(stderr, "Cannot find LXC cgroup: %d\n", -rv);
        goto cleanup;
    }