[PATCHv2 1/5] cgroup: determine when skipping non-devices


 



* src/util/cgroup.c (virCgroupAllowDevicePath)
(virCgroupDenyDevicePath): Don't fail with EINVAL for
non-devices.
* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Update caller.
* src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow)
(qemuSetupChardevCgroup, qemuSetupHostUsbDeviceCgroup)
(qemuSetupCgroup, qemuTeardownDiskPathDeny): Likewise.
---

v2: new patch, reduces audit log clutter in later patches

 src/qemu/qemu_cgroup.c |   18 ++++++------------
 src/qemu/qemu_driver.c |    6 +++---
 src/util/cgroup.c      |    7 ++++---
 3 files changed, 13 insertions(+), 18 deletions(-)

diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 8cd6ce9..3907a09 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -66,11 +66,8 @@ int qemuSetupDiskPathAllow(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
     VIR_DEBUG("Process path %s for disk", path);
     /* XXX RO vs RW */
     rc = virCgroupAllowDevicePath(cgroup, path);
-    if (rc != 0) {
-        /* Get this for non-block devices */
-        if (rc == -EINVAL) {
-            VIR_DEBUG("Ignoring EINVAL for %s", path);
-        } else if (rc == -EACCES) { /* Get this for root squash NFS */
+    if (rc < 0) {
+        if (rc == -EACCES) { /* Get this for root squash NFS */
             VIR_DEBUG("Ignoring EACCES for %s", path);
         } else {
             virReportSystemError(-rc,
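Review bot: With the `-EINVAL` branch removed, a positive return from virCgroupAllowDevicePath() (path exists but is not a device) now falls past `if (rc < 0)` with no trace, where the old code at least left a debug line. A trailing branch on this `if`, `else if (rc > 0) VIR_DEBUG("Skipping non-device %s", path);`, would keep the skip visible in debug logs without adding to the audit output; the same applies to the qemuTeardownDiskPathDeny hunk that follows. The function's tail is outside the hunk, so it is worth confirming that it does not return the raw `rc` (now possibly 1) to a caller that tests for non-zero.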
@@ -106,11 +103,8 @@ int qemuTeardownDiskPathDeny(virDomainDiskDefPtr disk ATTRIBUTE_UNUSED,
     VIR_DEBUG("Process path %s for disk", path);
     /* XXX RO vs RW */
     rc = virCgroupDenyDevicePath(cgroup, path);
-    if (rc != 0) {
-        /* Get this for non-block devices */
-        if (rc == -EINVAL) {
-            VIR_DEBUG("Ignoring EINVAL for %s", path);
-        } else if (rc == -EACCES) { /* Get this for root squash NFS */
+    if (rc < 0) {
+        if (rc == -EACCES) { /* Get this for root squash NFS */
             VIR_DEBUG("Ignoring EACCES for %s", path);
         } else {
             virReportSystemError(-rc,
@@ -148,7 +142,7 @@ int qemuSetupChardevCgroup(virDomainDefPtr def,

     VIR_DEBUG("Process path '%s' for disk", dev->source.data.file.path);
     rc = virCgroupAllowDevicePath(cgroup, dev->source.data.file.path);
-    if (rc != 0) {
+    if (rc < 0) {
         virReportSystemError(-rc,
                              _("Unable to allow device %s for %s"),
                              dev->source.data.file.path, def->name);
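Review bot: For a character-device source, `rc == 1` is no longer an error after this change. Previously a path that was not a device node made virCgroupAllowDevicePath() return -EINVAL and setup failed with "Unable to allow device", whereas `if (rc < 0)` now lets it pass silently. The commit message only says "Update caller", so if accepting a non-device here is intended it deserves a short comment such as `/* rc > 0: not a device node, nothing to whitelist */`; if it is not intended, `rc > 0` should still be reported. The same question applies to qemuSetupHostUsbDeviceCgroup in the next hunk, where the path is presumably always expected to be a device node. Both function bodies extend beyond their hunks.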
@@ -168,7 +162,7 @@ int qemuSetupHostUsbDeviceCgroup(usbDevice *dev ATTRIBUTE_UNUSED,

     VIR_DEBUG("Process path '%s' for USB device", path);
     rc = virCgroupAllowDevicePath(cgroup, path);
-    if (rc != 0) {
+    if (rc < 0) {
         virReportSystemError(-rc,
                              _("Unable to allow device %s"),
                              path);
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index c58c20e..15b9bc0 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -1963,7 +1963,7 @@ static int qemudDomainSaveFlag(struct qemud_driver *driver, virDomainPtr dom,
             goto endjob;
         }
         rc = virCgroupAllowDevicePath(cgroup, path);
-        if (rc != 0) {
+        if (rc < 0) {
             virReportSystemError(-rc,
                                  _("Unable to allow device %s for %s"),
                                  path, vm->def->name);
@@ -2012,7 +2012,7 @@ static int qemudDomainSaveFlag(struct qemud_driver *driver, virDomainPtr dom,

     if (cgroup != NULL) {
         rc = virCgroupDenyDevicePath(cgroup, path);
-        if (rc != 0)
+        if (rc < 0)
             VIR_WARN("Unable to deny device %s for %s %d",
                      path, vm->def->name, rc);
     }
@@ -2043,7 +2043,7 @@ endjob:

             if (cgroup != NULL) {
                 rc = virCgroupDenyDevicePath(cgroup, path);
-                if (rc != 0)
+                if (rc < 0)
                     VIR_WARN("Unable to deny device %s for %s: %d",
                              path, vm->def->name, rc);
             }
diff --git a/src/util/cgroup.c b/src/util/cgroup.c
index b71eef9..00c8828 100644
--- a/src/util/cgroup.c
+++ b/src/util/cgroup.c
@@ -1147,7 +1147,8 @@ int virCgroupAllowDeviceMajor(virCgroupPtr group, char type, int major)
  * Queries the type of device and its major/minor number, and
  * adds that to the cgroup ACL
  *
- * Returns: 0 on success
+ * Returns: 0 on success, 1 if path exists but is not a device, or
+ * negative errno value on failure
  */
 #if defined(major) && defined(minor)
 int virCgroupAllowDevicePath(virCgroupPtr group, const char *path)
@@ -1158,7 +1159,7 @@ int virCgroupAllowDevicePath(virCgroupPtr group, const char *path)
         return -errno;

     if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode))
-        return -EINVAL;
+        return 1;

     return virCgroupAllowDevice(group,
                                 S_ISCHR(sb.st_mode) ? 'c' : 'b',
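Review bot: The bare `return 1;` shares the return channel with whatever virCgroupAllowDevice() yields in the statement that follows, so "1 means not a device" is only unambiguous if that helper never returns a positive value, which is not visible in this hunk. A one-line comment above the return, e.g. `/* Not a device node: nothing to add to the ACL; tell the caller we skipped it */`, would make the convention explicit at the point of use. Because the contract changes from two-state to three-state, any caller of this function outside the three files touched here that still tests `rc != 0` would now treat a skipped non-device as a failure; a quick grep for remaining callers is worthwhile. The function continues past the end of the hunk.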
@@ -1242,7 +1243,7 @@ int virCgroupDenyDevicePath(virCgroupPtr group, const char *path)
         return -errno;

     if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode))
-        return -EINVAL;
+        return 1;

     return virCgroupDenyDevice(group,
                                S_ISCHR(sb.st_mode) ? 'c' : 'b',
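Review bot: virCgroupDenyDevicePath()'s header comment does not appear to be updated to match this `return 1;`: the diffstat's seven changed lines in cgroup.c are all accounted for by the visible hunks, and only the Allow variant's "Returns:" text changes. I would add the same sentence to the Deny comment, `Returns: 0 on success, 1 if path exists but is not a device, or negative errno value on failure`. It may also be worth noting there that the check uses the path's state at teardown time, so if the node was replaced by a non-device after the allow call, the earlier ACL entry is left in place and the caller only sees 1. The function body starts before and ends after this hunk.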
-- 
1.7.4
