[PATCH v2 00/17] implement cgroups v2 devices support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

In cgroups v2 there is no devices controller, BPF should be used
instead.

Changes in v2:
    - fixed build on bsd and older kernels without cgroup BPF
    - cgroup bpf devices code moved to separate file

Documentation for eBPF:

<http://man7.org/linux/man-pages/man2/bpf.2.html>
<https://www.kernel.org/doc/Documentation/networking/filter.txt>
<https://docs.cilium.io/en/v1.3/bpf/>

Pavel Hrdina (17):
  util: introduce virbpf helpers
  vircgroup: introduce virCgroupV2DevicesAvailable
  vircgroup: introduce virCgroupV2DevicesAttachProg
  vircgroup: introduce virCgroupV2DevicesDetectProg
  vircgroup: introduce virCgroupV2DevicesCreateProg
  vircgroup: introduce virCgroupV2DevicesPrepareProg
  vircgroup: introduce virCgroupV2DevicesRemoveProg
  vircgroup: introduce virCgroupV2DeviceGetPerms
  vircgroup: introduce virCgroupV2DevicesGetKey
  vircgroup: introduce virCgroupV2AllowDevice
  vircgroup: introduce virCgroupV2DenyDevice
  vircgroup: introduce virCgroupV2AllowAllDevices
  vircgroup: introduce virCgroupV2DenyAllDevices
  vircgroup: workaround devices in hybrid mode
  vircgroupv2: detech BPF program before removing cgroup
  vircgroupv2: use dummy process to workaround kernel bug with systemd
  vircgroupmock: mock virCgroupV2DevicesAvailable

 configure.ac                      |   6 +
 include/libvirt/virterror.h       |   1 +
 src/Makefile.am                   |   2 +
 src/libvirt_private.syms          |  27 ++
 src/lxc/lxc_cgroup.c              |   1 +
 src/qemu/qemu_cgroup.c            |   6 +-
 src/util/Makefile.inc.am          |   4 +
 src/util/virbpf.c                 | 437 +++++++++++++++++++++
 src/util/virbpf.h                 | 271 +++++++++++++
 src/util/vircgroup.c              |  19 +-
 src/util/vircgroup.h              |   1 +
 src/util/vircgroupbackend.h       |   3 +-
 src/util/vircgrouppriv.h          |  12 +
 src/util/vircgroupv1.c            |   9 +-
 src/util/vircgroupv2.c            | 119 +++++-
 src/util/vircgroupv2devices.c     | 625 ++++++++++++++++++++++++++++++
 src/util/vircgroupv2devices.h     |  57 +++
 src/util/virerror.c               |   1 +
 src/util/virsystemd.c             |   2 +-
 src/util/virsystemd.h             |   2 +
 tests/vircgroupdata/hybrid.parsed |   2 +-
 tests/vircgroupmock.c             |   7 +
 tests/vircgrouptest.c             |   4 +-
 23 files changed, 1608 insertions(+), 10 deletions(-)
 create mode 100644 src/util/virbpf.c
 create mode 100644 src/util/virbpf.h
 create mode 100644 src/util/vircgroupv2devices.c
 create mode 100644 src/util/vircgroupv2devices.h

-- 
2.20.1

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux