The check for whether the cgroup devices ACL is available is
done quite late during LXC hotplug - in fact after the device
node is already created in the container in some cases. Better
todo it upfront so we fail immediately.
Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
src/lxc/lxc_driver.c | 36 ++++++++++++------------------------
1 file changed, 12 insertions(+), 24 deletions(-)
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index 79a9e36..51ca98c 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -3645,6 +3645,12 @@ lxcDomainAttachDeviceDiskLive(virLXCDriverPtr driver,
goto cleanup;
}
+ if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
+ virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+ _("devices cgroup isn't mounted"));
+ goto cleanup;
+ }
+
if (def->type != VIR_DOMAIN_DISK_TYPE_BLOCK) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("Can't setup disk for non-block device"));
@@ -3712,12 +3718,6 @@ lxcDomainAttachDeviceDiskLive(virLXCDriverPtr driver,
vm->def, def) < 0)
goto cleanup;
- if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
- virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("devices cgroup isn't mounted"));
- goto cleanup;
- }
-
if (virCgroupAllowDevicePath(priv->cgroup, def->src,
(def->readonly ?
VIR_CGROUP_DEVICE_READ :
@@ -3914,12 +3914,6 @@ lxcDomainAttachDeviceHostdevSubsysUSBLive(virLXCDriverPtr driver,
def->source.subsys.u.usb.device) < 0)
goto cleanup;
- if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
- virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("devices cgroup isn't mounted"));
- goto cleanup;
- }
-
if (!(usb = virUSBDeviceNew(def->source.subsys.u.usb.bus,
def->source.subsys.u.usb.device, vroot)))
goto cleanup;
@@ -4067,12 +4061,6 @@ lxcDomainAttachDeviceHostdevStorageLive(virLXCDriverPtr driver,
vm->def, def, vroot) < 0)
goto cleanup;
- if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
- virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("devices cgroup isn't mounted"));
- goto cleanup;
- }
-
if (virCgroupAllowDevicePath(priv->cgroup, def->source.caps.u.storage.block,
VIR_CGROUP_DEVICE_RW |
VIR_CGROUP_DEVICE_MKNOD) != 0) {
@@ -4175,12 +4163,6 @@ lxcDomainAttachDeviceHostdevMiscLive(virLXCDriverPtr driver,
vm->def, def, vroot) < 0)
goto cleanup;
- if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
- virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("devices cgroup isn't mounted"));
- goto cleanup;
- }
-
if (virCgroupAllowDevicePath(priv->cgroup, def->source.caps.u.misc.chardev,
VIR_CGROUP_DEVICE_RW |
VIR_CGROUP_DEVICE_MKNOD) != 0) {
@@ -4256,6 +4238,12 @@ lxcDomainAttachDeviceHostdevLive(virLXCDriverPtr driver,
return -1;
}
+ if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
+ virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+ _("devices cgroup isn't mounted"));
+ return -1;
+ }
+
switch (dev->data.hostdev->mode) {
case VIR_DOMAIN_HOSTDEV_MODE_SUBSYS:
return lxcDomainAttachDeviceHostdevSubsysLive(driver, vm, dev);
--
1.8.5.3
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list