In cgroups v2 there is no devices controller, BPF should be used instead. Patches 3 - 12 will be squashed into single commit and they need to be compiled together, I've separated them to make review easier. Pavel Hrdina (19): util: introduce virbpf helpers vircgroup: introduce virCgroupV2DevicesAvailable vircgroup: introduce virCgroupV2DeviceLoadProg vircgroup: introduce virCgroupV2DeviceAttachProg vircgroup: introduce virCgroupV2DeviceDetectProg vircgroup: introduce virCgroupV2DeviceCreateProg vircgroup: introduce virCgroupV2DeviceReallocMap vircgroup: introduce virCgroupV2DevicePrepareProg vircgroup: introduce virCgroupV2DeviceRemoveProg vircgroup: introduce virCgroupV2DeviceGetPerms vircgroup: introduce virCgroupV2DeviceGetKey vircgroup: introduce virCgroupV2AllowDevice vircgroup: introduce virCgroupV2DenyDevice vircgroup: introduce virCgroupV2AllowAllDevices vircgroup: introduce virCgroupV2DenyAllDevices vircgroup: workaround devices in hybrid mode vircgroupv2: detech BPF program before removing cgroup vircgroupv2: use dummy process to workaround kernel bug with systemd vircgroupmock: mock virBPFQueryProg include/libvirt/virterror.h | 1 + src/Makefile.am | 1 + src/libvirt_private.syms | 17 + src/lxc/lxc_cgroup.c | 1 + src/qemu/qemu_cgroup.c | 6 +- src/util/Makefile.inc.am | 2 + src/util/virbpf.c | 263 ++++++++++++ src/util/virbpf.h | 249 ++++++++++++ src/util/vircgroup.c | 18 +- src/util/vircgroup.h | 1 + src/util/vircgroupbackend.h | 3 +- src/util/vircgrouppriv.h | 12 + src/util/vircgroupv1.c | 9 +- src/util/vircgroupv2.c | 638 +++++++++++++++++++++++++++++- src/util/virerror.c | 1 + src/util/virsystemd.c | 2 +- src/util/virsystemd.h | 2 + tests/vircgroupdata/hybrid.parsed | 2 +- tests/vircgroupmock.c | 11 + tests/vircgrouptest.c | 4 +- 20 files changed, 1233 insertions(+), 10 deletions(-) create mode 100644 src/util/virbpf.c create mode 100644 src/util/virbpf.h -- 2.20.1 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
