* src/qemu/qemu_cgroup.h (struct qemuCgroupData): New helper type. (qemuSetupDiskPathAllow, qemuSetupChardevCgroup) (qemuTeardownDiskPathDeny): Drop unneeded prototypes. (qemuSetupDiskCgroup, qemuTeardownDiskCgroup): Adjust prototype. * src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow, qemuSetupChardevCgroup) (qemuTeardownDiskPathDeny): Mark static and use new type. (qemuSetupHostUsbDeviceCgroup): Use new type. (qemuSetupDiskCgroup): Alter signature. (qemuSetupCgroup): Adjust caller. * src/qemu/qemu_hotplug.c (qemuDomainAttachHostUsbDevice) (qemuDomainDetachPciDiskDevice, qemuDomainDetachSCSIDiskDevice): Likewise. * src/qemu/qemu_driver.c (qemudDomainAttachDevice) (qemuDomainUpdateDeviceFlags): Likewise.
---
Relatively straight-forward - all existing qemu audit entries include the vm being altered; so we need to pass vm through to the lowest-level points in qemu that alter the cgroup device whitelist.
 src/qemu/qemu_cgroup.c | 58 ++++++++++++++++++++++++++--------------------
 src/qemu/qemu_cgroup.h | 21 +++++++---------
 src/qemu/qemu_driver.c | 8 +++---
 src/qemu/qemu_hotplug.c | 7 +++--
 4 files changed, 50 insertions(+), 44 deletions(-)
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 8cd6ce9..38eacfb 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -54,18 +54,18 @@ int qemuCgroupControllerActive(struct qemud_driver *driver,
 return 0;
 }
-
-int qemuSetupDiskPathAllow(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
- const char *path,
- size_t depth ATTRIBUTE_UNUSED,
- void *opaque)
+static int
+qemuSetupDiskPathAllow(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
+ const char *path,
+ size_t depth ATTRIBUTE_UNUSED,
+ void *opaque)
 {
- virCgroupPtr cgroup = opaque;
+ qemuCgroupData *data = opaque;
 int rc;
 VIR_DEBUG("Process path %s for disk", path);
 /* XXX RO vs RW */
- rc = virCgroupAllowDevicePath(cgroup, path);
+ rc = virCgroupAllowDevicePath(data->cgroup, path);
 if (rc != 0) {
 /* Get this for non-block devices */
 if (rc == -EINVAL) {
@@ -84,28 +84,31 @@ int qemuSetupDiskPathAllow(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
 int qemuSetupDiskCgroup(struct qemud_driver *driver,
+ virDomainObjPtr vm,
 virCgroupPtr cgroup,
 virDomainDiskDefPtr disk)
 {
+ qemuCgroupData data = { vm, cgroup };
 return virDomainDiskDefForeachPath(disk,
 driver->allowDiskFormatProbing,
 true,
 qemuSetupDiskPathAllow,
- cgroup);
+ &data);
 }
-int qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
- const char *path,
- size_t depth ATTRIBUTE_UNUSED,
- void *opaque)
+static int
+qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
+ const char *path,
+ size_t depth ATTRIBUTE_UNUSED,
+ void *opaque)
 {
- virCgroupPtr cgroup = opaque;
+ qemuCgroupData *data = opaque;
 int rc;
 VIR_DEBUG("Process path %s for disk", path);
 /* XXX RO vs RW */
- rc = virCgroupDenyDevicePath(cgroup, path);
+ rc = virCgroupDenyDevicePath(data->cgroup, path);
 if (rc != 0) {
 /* Get this for non-block devices */
 if (rc == -EINVAL) {
@@ -124,22 +127,25 @@ int qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
 int qemuTeardownDiskCgroup(struct qemud_driver *driver,
+ virDomainObjPtr vm,
 virCgroupPtr cgroup,
 virDomainDiskDefPtr disk)
 {
+ qemuCgroupData data = { vm, cgroup };
 return virDomainDiskDefForeachPath(disk,
 driver->allowDiskFormatProbing,
 true,
 qemuTeardownDiskPathDeny,
- cgroup);
+ &data);
 }
-int qemuSetupChardevCgroup(virDomainDefPtr def,
- virDomainChrDefPtr dev,
- void *opaque)
+static int
+qemuSetupChardevCgroup(virDomainDefPtr def,
+ virDomainChrDefPtr dev,
+ void *opaque)
 {
- virCgroupPtr cgroup = opaque;
+ qemuCgroupData *data = opaque;
 int rc;
 if (dev->source.type != VIR_DOMAIN_CHR_TYPE_DEV)
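Review bot: The positional initializer `qemuCgroupData data = { vm, cgroup };` added to qemuSetupDiskCgroup (hunk `@@ -84,28 +84,31 @@`) and qemuTeardownDiskCgroup (hunk `@@ -124,22 +127,25 @@`) depends on the member order of `struct _qemuCgroupData` declared in qemu_cgroup.h. Prefer `qemuCgroupData data = { .vm = vm, .cgroup = cgroup };`, which keeps the pairing explicit if the struct is later reordered or extended. The same positional form is used in the qemuSetupCgroup hunk `@@ -201,6 +207,7 @@`. Both wrapper functions are fully visible in their hunks; the callbacks that receive `&data` continue outside them.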
@@ -147,7 +153,7 @@ int qemuSetupChardevCgroup(virDomainDefPtr def,
 VIR_DEBUG("Process path '%s' for disk",
 dev->source.data.file.path);
- rc = virCgroupAllowDevicePath(cgroup, dev->source.data.file.path);
+ rc = virCgroupAllowDevicePath(data->cgroup, dev->source.data.file.path);
 if (rc != 0) {
 virReportSystemError(-rc,
 _("Unable to allow device %s for %s"),
@@ -163,11 +169,11 @@ int qemuSetupHostUsbDeviceCgroup(usbDevice *dev ATTRIBUTE_UNUSED,
 const char *path,
 void *opaque)
 {
- virCgroupPtr cgroup = opaque;
+ qemuCgroupData *data = opaque;
 int rc;
 VIR_DEBUG("Process path '%s' for USB device", path);
- rc = virCgroupAllowDevicePath(cgroup, path);
+ rc = virCgroupAllowDevicePath(data->cgroup, path);
 if (rc != 0) {
 virReportSystemError(-rc,
 _("Unable to allow device %s"),
@@ -201,6 +207,7 @@ int qemuSetupCgroup(struct qemud_driver *driver,
 }
 if (qemuCgroupControllerActive(driver, VIR_CGROUP_CONTROLLER_DEVICES)) {
+ qemuCgroupData data = { vm, cgroup };
 rc = virCgroupDenyAllDevices(cgroup);
 if (rc != 0) {
 if (rc == -EPERM) {
@@ -214,7 +221,7 @@ int qemuSetupCgroup(struct qemud_driver *driver,
 }
 for (i = 0; i < vm->def->ndisks ; i++) {
- if (qemuSetupDiskCgroup(driver, cgroup, vm->def->disks[i]) < 0)
+ if (qemuSetupDiskCgroup(driver, vm, cgroup, vm->def->disks[i]) < 0)
 goto cleanup;
 }
@@ -249,7 +256,7 @@ int qemuSetupCgroup(struct qemud_driver *driver,
 if (virDomainChrDefForeach(vm->def,
 true,
 qemuSetupChardevCgroup,
- cgroup) < 0)
+ &data) < 0)
 goto cleanup;
 for (i = 0; i < vm->def->nhostdevs; i++) {
@@ -265,7 +272,8 @@ int qemuSetupCgroup(struct qemud_driver *driver,
 hostdev->source.subsys.u.usb.device)) == NULL)
 goto cleanup;
- if (usbDeviceFileIterate(usb, qemuSetupHostUsbDeviceCgroup, cgroup) < 0 )
+ if (usbDeviceFileIterate(usb, qemuSetupHostUsbDeviceCgroup,
+ &data) < 0)
 goto cleanup;
 }
 }
diff --git a/src/qemu/qemu_cgroup.h b/src/qemu/qemu_cgroup.h
index 0a9692b..299bd2d 100644
--- a/src/qemu/qemu_cgroup.h
+++ b/src/qemu/qemu_cgroup.h
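Review bot: `qemuSetupHostUsbDeviceCgroup` in the qemu_cgroup.c hunk `@@ -163,11 +169,11 @@` stays exported (its prototype is kept in qemu_cgroup.h) but now reads `opaque` as a `qemuCgroupData *` instead of a `virCgroupPtr`, and nothing documents the new contract. Because the parameter is `void *`, a caller that still passes a bare cgroup compiles without a warning, and the callback would then take `data->cgroup` from the wrong object when it edits the device whitelist. Add a comment above the definition and the prototype, for example `/* opaque must point to a qemuCgroupData, not a bare virCgroupPtr */`. The function body continues past the end of the hunk.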
@@ -1,7 +1,7 @@
 /*
 * qemu_cgroup.h: QEMU cgroup management
 *
- * Copyright (C) 2006-2007, 2009-2010 Red Hat, Inc.
+ * Copyright (C) 2006-2007, 2009-2011 Red Hat, Inc.
 * Copyright (C) 2006 Daniel P. Berrange
 *
 * This library is free software; you can redistribute it and/or
@@ -28,25 +28,22 @@
 # include "domain_conf.h"
 # include "qemu_conf.h"
+struct _qemuCgroupData {
+ virDomainObjPtr vm;
+ virCgroupPtr cgroup;
+};
+typedef struct _qemuCgroupData qemuCgroupData;
+
 int qemuCgroupControllerActive(struct qemud_driver *driver,
 int controller);
-int qemuSetupDiskPathAllow(virDomainDiskDefPtr disk,
- const char *path,
- size_t depth,
- void *opaque);
 int qemuSetupDiskCgroup(struct qemud_driver *driver,
+ virDomainObjPtr vm,
 virCgroupPtr cgroup,
 virDomainDiskDefPtr disk);
-int qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk,
- const char *path,
- size_t depth,
- void *opaque);
 int qemuTeardownDiskCgroup(struct qemud_driver *driver,
+ virDomainObjPtr vm,
 virCgroupPtr cgroup,
 virDomainDiskDefPtr disk);
-int qemuSetupChardevCgroup(virDomainDefPtr def,
- virDomainChrDefPtr dev,
- void *opaque);
 int qemuSetupHostUsbDeviceCgroup(usbDevice *dev,
 const char *path,
 void *opaque);
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 82a2210..375ad2b 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -6559,7 +6559,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
 vm->def->name);
 goto endjob;
 }
- if (qemuSetupDiskCgroup(driver, cgroup, dev->data.disk) < 0)
+ if (qemuSetupDiskCgroup(driver, vm, cgroup, dev->data.disk) < 0)
 goto endjob;
 }
@@ -6605,7 +6605,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
 /* Fallthrough */
 }
 if (ret != 0 && cgroup) {
- if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0)
+ if (qemuTeardownDiskCgroup(driver, vm, cgroup, dev->data.disk) < 0)
 VIR_WARN("Failed to teardown cgroup for disk path %s",
 NULLSTR(dev->data.disk->src));
 }
@@ -6730,7 +6730,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom,
 vm->def->name);
 goto endjob;
 }
- if (qemuSetupDiskCgroup(driver, cgroup, dev->data.disk) < 0)
+ if (qemuSetupDiskCgroup(driver, vm, cgroup, dev->data.disk) < 0)
 goto endjob;
 }
@@ -6754,7 +6754,7 @@ static int qemuDomainUpdateDeviceFlags(virDomainPtr dom,
 }
 if (ret != 0 && cgroup) {
- if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0)
+ if (qemuTeardownDiskCgroup(driver, vm, cgroup, dev->data.disk) < 0)
 VIR_WARN("Failed to teardown cgroup for disk path %s",
 NULLSTR(dev->data.disk->src));
 }
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index fb9db5a..e959151 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -893,6 +893,7 @@ int qemuDomainAttachHostUsbDevice(struct qemud_driver *driver,
 if (qemuCgroupControllerActive(driver, VIR_CGROUP_CONTROLLER_DEVICES)) {
 virCgroupPtr cgroup = NULL;
 usbDevice *usb;
+ qemuCgroupData data = { vm, cgroup };
 if (virCgroupForDomain(driver->cgroup, vm->def->name, &cgroup, 0) !=0 ) {
 qemuReportError(VIR_ERR_INTERNAL_ERROR,
@@ -905,7 +906,7 @@ int qemuDomainAttachHostUsbDevice(struct qemud_driver *driver,
 hostdev->source.subsys.u.usb.device)) == NULL)
 goto error;
- if (usbDeviceFileIterate(usb, qemuSetupHostUsbDeviceCgroup, cgroup) < 0 )
+ if (usbDeviceFileIterate(usb, qemuSetupHostUsbDeviceCgroup, &data) < 0)
 goto error;
 }
@@ -1206,7 +1207,7 @@ int qemuDomainDetachPciDiskDevice(struct qemud_driver *driver,
 VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
 if (cgroup != NULL) {
- if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0)
+ if (qemuTeardownDiskCgroup(driver, vm, cgroup, dev->data.disk) < 0)
 VIR_WARN("Failed to teardown cgroup for disk path %s",
 NULLSTR(dev->data.disk->src));
 }
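Review bot: In the qemu_hotplug.c hunk `@@ -893,6 +893,7 @@`, `qemuCgroupData data = { vm, cgroup };` is initialized while `cgroup` is still NULL, directly after `virCgroupPtr cgroup = NULL;` and before `virCgroupForDomain(..., &cgroup, 0)` fills it in. The struct stores a copy of the pointer value, so the `&data` handed to `usbDeviceFileIterate` in the following hunk `@@ -905,7 +906,7 @@` carries `data.cgroup == NULL`, and `qemuSetupHostUsbDeviceCgroup` then calls `virCgroupAllowDevicePath(data->cgroup, path)` on a null cgroup; presumably the hot-plugged USB device is never added to the domain's device whitelist, or the call dereferences NULL. Declare `qemuCgroupData data;` without an initializer and set `data.vm = vm; data.cgroup = cgroup;` after the `virCgroupForDomain` check has succeeded, before the iterate call. qemuDomainAttachHostUsbDevice starts and ends outside both hunks.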
@@ -1284,7 +1285,7 @@ int qemuDomainDetachSCSIDiskDevice(struct qemud_driver *driver,
 VIR_WARN("Unable to restore security label on %s", dev->data.disk->src);
 if (cgroup != NULL) {
- if (qemuTeardownDiskCgroup(driver, cgroup, dev->data.disk) < 0)
+ if (qemuTeardownDiskCgroup(driver, vm, cgroup, dev->data.disk) < 0)
 VIR_WARN("Failed to teardown cgroup for disk path %s",
 NULLSTR(dev->data.disk->src));
 }
--
1.7.4
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list