From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
The virCgroupNewDriver method had a 'bool privileged' param.
If a false value was ever passed in, it would simply not
work, since non-root users don't have any privileges to create
new cgroups. Just delete this broken code entirely and make
the QEMU driver skip cgroup setup in non-privileged mode
Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
src/lxc/lxc_cgroup.c | 1 -
src/qemu/qemu_cgroup.c | 4 +++-
src/util/vircgroup.c | 27 +++------------------------
src/util/vircgroup.h | 1 -
tests/vircgrouptest.c | 12 ++++++------
5 files changed, 12 insertions(+), 33 deletions(-)
diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
index 8f19057..0a43b61 100644
--- a/src/lxc/lxc_cgroup.c
+++ b/src/lxc/lxc_cgroup.c
@@ -581,7 +581,6 @@ virCgroupPtr virLXCCgroupCreate(virDomainDefPtr def, bool startup)
} else {
rc = virCgroupNewDriver("lxc",
true,
- true,
-1,
&parent);
if (rc != 0) {
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index db9aafe..a6c8638 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -196,6 +196,9 @@ int qemuInitCgroup(virQEMUDriverPtr driver,
virCgroupPtr parent = NULL;
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
+ if (!cfg->privileged)
+ goto done;
+
virCgroupFree(&priv->cgroup);
if (!vm->def->resource && startup) {
@@ -256,7 +259,6 @@ int qemuInitCgroup(virQEMUDriverPtr driver,
}
} else {
rc = virCgroupNewDriver("qemu",
- cfg->privileged,
true,
cfg->cgroupControllers,
&parent);
diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index 40e0fe6..6202614 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -794,8 +794,7 @@ err:
return rc;
}
-static int virCgroupAppRoot(bool privileged,
- virCgroupPtr *group,
+static int virCgroupAppRoot(virCgroupPtr *group,
bool create,
int controllers)
{
@@ -807,26 +806,7 @@ static int virCgroupAppRoot(bool privileged,
if (rc != 0)
return rc;
- if (privileged) {
- rc = virCgroupNew("libvirt", selfgrp, controllers, group);
- } else {
- char *rootname;
- char *username;
- username = virGetUserName(getuid());
- if (!username) {
- rc = -ENOMEM;
- goto cleanup;
- }
- rc = virAsprintf(&rootname, "libvirt-%s", username);
- VIR_FREE(username);
- if (rc < 0) {
- rc = -ENOMEM;
- goto cleanup;
- }
-
- rc = virCgroupNew(rootname, selfgrp, controllers, group);
- VIR_FREE(rootname);
- }
+ rc = virCgroupNew("libvirt", selfgrp, controllers, group);
if (rc != 0)
goto cleanup;
@@ -1135,7 +1115,6 @@ int virCgroupNewPartition(const char *path ATTRIBUTE_UNUSED,
*/
#if defined HAVE_MNTENT_H && defined HAVE_GETMNTENT_R
int virCgroupNewDriver(const char *name,
- bool privileged,
bool create,
int controllers,
virCgroupPtr *group)
@@ -1143,7 +1122,7 @@ int virCgroupNewDriver(const char *name,
int rc;
virCgroupPtr rootgrp = NULL;
- rc = virCgroupAppRoot(privileged, &rootgrp,
+ rc = virCgroupAppRoot(&rootgrp,
create, controllers);
if (rc != 0)
goto out;
diff --git a/src/util/vircgroup.h b/src/util/vircgroup.h
index 33f86a6..936e09b 100644
--- a/src/util/vircgroup.h
+++ b/src/util/vircgroup.h
@@ -51,7 +51,6 @@ int virCgroupNewPartition(const char *path,
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
int virCgroupNewDriver(const char *name,
- bool privileged,
bool create,
int controllers,
virCgroupPtr *group)
diff --git a/tests/vircgrouptest.c b/tests/vircgrouptest.c
index a806368..4f76a06 100644
--- a/tests/vircgrouptest.c
+++ b/tests/vircgrouptest.c
@@ -138,13 +138,13 @@ static int testCgroupNewForDriver(const void *args ATTRIBUTE_UNUSED)
[VIR_CGROUP_CONTROLLER_BLKIO] = "/libvirt/lxc",
};
- if ((rv = virCgroupNewDriver("lxc", true, false, -1, &cgroup)) != -ENOENT) {
+ if ((rv = virCgroupNewDriver("lxc", false, -1, &cgroup)) != -ENOENT) {
fprintf(stderr, "Unexpected found LXC cgroup: %d\n", -rv);
goto cleanup;
}
/* Asking for impossible combination since CPU is co-mounted */
- if ((rv = virCgroupNewDriver("lxc", true, true,
+ if ((rv = virCgroupNewDriver("lxc", true,
(1 << VIR_CGROUP_CONTROLLER_CPU),
&cgroup)) != -EINVAL) {
fprintf(stderr, "Should not have created LXC cgroup: %d\n", -rv);
@@ -152,7 +152,7 @@ static int testCgroupNewForDriver(const void *args ATTRIBUTE_UNUSED)
}
/* Asking for impossible combination since devices is not mounted */
- if ((rv = virCgroupNewDriver("lxc", true, true,
+ if ((rv = virCgroupNewDriver("lxc", true,
(1 << VIR_CGROUP_CONTROLLER_DEVICES),
&cgroup)) != -ENOENT) {
fprintf(stderr, "Should not have created LXC cgroup: %d\n", -rv);
@@ -160,7 +160,7 @@ static int testCgroupNewForDriver(const void *args ATTRIBUTE_UNUSED)
}
/* Asking for small combination since devices is not mounted */
- if ((rv = virCgroupNewDriver("lxc", true, true,
+ if ((rv = virCgroupNewDriver("lxc", true,
(1 << VIR_CGROUP_CONTROLLER_CPU) |
(1 << VIR_CGROUP_CONTROLLER_CPUACCT) |
(1 << VIR_CGROUP_CONTROLLER_MEMORY),
@@ -171,7 +171,7 @@ static int testCgroupNewForDriver(const void *args ATTRIBUTE_UNUSED)
ret = validateCgroup(cgroup, "libvirt/lxc", mountsSmall, placementSmall);
virCgroupFree(&cgroup);
- if ((rv = virCgroupNewDriver("lxc", true, true, -1, &cgroup)) != 0) {
+ if ((rv = virCgroupNewDriver("lxc", true, -1, &cgroup)) != 0) {
fprintf(stderr, "Cannot create LXC cgroup: %d\n", -rv);
goto cleanup;
}
@@ -199,7 +199,7 @@ static int testCgroupNewForDriverDomain(const void *args ATTRIBUTE_UNUSED)
[VIR_CGROUP_CONTROLLER_BLKIO] = "/libvirt/lxc/wibble",
};
- if ((rv = virCgroupNewDriver("lxc", true, false, -1, &drivercgroup)) != 0) {
+ if ((rv = virCgroupNewDriver("lxc", false, -1, &drivercgroup)) != 0) {
fprintf(stderr, "Cannot find LXC cgroup: %d\n", -rv);
goto cleanup;
}
--
1.8.1.4
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list