qemu_cgroup: Allow/disallow devmapper control iff available

https://bugzilla.redhat.com/show_bug.cgi?id=1591732 On kernels without device mapper support there won't be /dev/mapper/control. Therefore it doesn't make much sense to put it into devices CGroup. Signed-off-by: N Michal Privoznik <mprivozn@redhat.com> Reviewed-by: N Ján Tomko <jtomko@redhat.com>

qemu_cgroup: Allow/disallow devmapper control iff available
https://bugzilla.redhat.com/show_bug.cgi?id=1591732 On kernels without device mapper support there won't be /dev/mapper/control. Therefore it doesn't make much sense to put it into devices CGroup. Signed-off-by: N Michal Privoznik <mprivozn@redhat.com> Reviewed-by: N Ján Tomko <jtomko@redhat.com>
8d2a9f09 · Michal Privoznik · 170d1e31 · 8d2a9f09
隐藏空白更改
内联并排

Showing with 19 addition and 17 deletion

src/qemu/qemu_cgroup.c src/qemu/qemu_cgroup.c +19 -17

未找到文件。
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -129,6 +129,7 @@ qemuSetupImageCgroupInternal(virDomainObjPtr vm,
    }

    if (virStoragePRDefIsManaged(src->pr) &&
+        virFileExists(DEVICE_MAPPER_CONTROL_PATH) &&
        qemuSetupImagePathCgroup(vm, DEVICE_MAPPER_CONTROL_PATH, false) < 0)
        return -1;

@@ -163,28 +164,29 @@ qemuTeardownImageCgroup(virDomainObjPtr vm,
        return 0;
    }

-    for (i = 0; i < vm->def->ndisks; i++) {
-        virStorageSourcePtr diskSrc = vm->def->disks[i]->src;
+    if (virFileExists(DEVICE_MAPPER_CONTROL_PATH)) {
+        for (i = 0; i < vm->def->ndisks; i++) {
+            virStorageSourcePtr diskSrc = vm->def->disks[i]->src;

-        if (src == diskSrc)
-            continue;
+            if (src == diskSrc)
+                continue;

-        if (virStoragePRDefIsManaged(diskSrc->pr))
-            break;
-    }
+            if (virStoragePRDefIsManaged(diskSrc->pr))
+                break;
+        }

-    if (i == vm->def->ndisks) {
-        VIR_DEBUG("Disabling device mapper control");
-        ret = virCgroupDenyDevicePath(priv->cgroup,
-                                      DEVICE_MAPPER_CONTROL_PATH, perms, true);
-        virDomainAuditCgroupPath(vm, priv->cgroup, "deny",
-                                 DEVICE_MAPPER_CONTROL_PATH,
-                                 virCgroupGetDevicePermsString(perms), ret);
-        if (ret < 0)
-            return ret;
+        if (i == vm->def->ndisks) {
+            VIR_DEBUG("Disabling device mapper control");
+            ret = virCgroupDenyDevicePath(priv->cgroup,
+                                          DEVICE_MAPPER_CONTROL_PATH, perms, true);
+            virDomainAuditCgroupPath(vm, priv->cgroup, "deny",
+                                     DEVICE_MAPPER_CONTROL_PATH,
+                                     virCgroupGetDevicePermsString(perms), ret);
+            if (ret < 0)
+                return ret;
+        }
    }

-
    VIR_DEBUG("Deny path %s", src->path);

    ret = virCgroupDenyDevicePath(priv->cgroup, src->path, perms, true);