If we want to allow all devices with all permissions we need to replace
any existing program that has any rule configured, otherwise we just
need to add new rule which will for example allow read access to all
devices.
Signed-off-by: Pavel Hrdina <phrdina@xxxxxxxxxx>
---
src/util/vircgroupv2.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c
index b6c09baadc..8ad4de986f 100644
--- a/src/util/vircgroupv2.c
+++ b/src/util/vircgroupv2.c
@@ -1638,6 +1638,23 @@ virCgroupV2DenyDevice(virCgroupPtr group,
}
+static int
+virCgroupV2AllowAllDevices(virCgroupPtr group,
+ int perms)
+{
+ if (virCgroupV2DevicesPrepareProg(group) < 0)
+ return -1;
+
+ if (group->unified.devices.count > 0 &&
+ perms == VIR_CGROUP_DEVICE_RWM &&
+ virCgroupV2DevicesCreateProg(group) < 0) {
+ return -1;
+ }
+
+ return virCgroupV2AllowDevice(group, 'a', -1, -1, perms);
+}
+
+
virCgroupBackend virCgroupV2Backend = {
.type = VIR_CGROUP_BACKEND_TYPE_V2,
@@ -1689,6 +1706,7 @@ virCgroupBackend virCgroupV2Backend = {
.allowDevice = virCgroupV2AllowDevice,
.denyDevice = virCgroupV2DenyDevice,
+ .allowAllDevices = virCgroupV2AllowAllDevices,
.setCpuShares = virCgroupV2SetCpuShares,
.getCpuShares = virCgroupV2GetCpuShares,
--
2.20.1
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
