[PATCHv4 13/29] qemu: cgroup: Setup only the top level disk image for read-write access


 



Only the top level gets writes, so the rest of the backing chain
requires only read-only access.
---
 src/qemu/qemu_cgroup.c | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index c84a251..00b405b 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -49,10 +49,11 @@ static const char *const defaultDeviceACL[] = {
 #define DEVICE_PTY_MAJOR 136
 #define DEVICE_SND_MAJOR 116

-int
-qemuSetImageCgroup(virDomainObjPtr vm,
-                   virStorageSourcePtr src,
-                   bool deny)
+static int
+qemuSetImageCgroupInternal(virDomainObjPtr vm,
+                           virStorageSourcePtr src,
+                           bool deny,
+                           bool forceReadonly)
 {
     qemuDomainObjPrivatePtr priv = vm->privateData;
     int perms = VIR_CGROUP_DEVICE_READ;
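Review bot: The new `forceReadonly` parameter of qemuSetImageCgroupInternal has no documentation, and its interaction with `deny` is not stated; a reader has to find the one use in the allow branch to learn that it only suppresses VIR_CGROUP_DEVICE_WRITE. A short comment above the `static int` line would settle that, e.g. `/* forceReadonly: never add write permission, even when src->readonly is false; used for the non-top images of a backing chain. Has no effect on the deny path. */`. The body of qemuSetImageCgroupInternal continues past this hunk, so whether `perms` is also used on the deny side is inferred from the second hunk only.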
@@ -75,7 +76,7 @@ qemuSetImageCgroup(virDomainObjPtr vm,

         ret = virCgroupDenyDevicePath(priv->cgroup, src->path, perms);
     } else {
-        if (!src->readonly)
+        if (!src->readonly && !forceReadonly)
             perms |= VIR_CGROUP_DEVICE_WRITE;

         VIR_DEBUG("Allow path %s, perms: %s",
@@ -103,14 +104,27 @@ qemuSetImageCgroup(virDomainObjPtr vm,


 int
+qemuSetImageCgroup(virDomainObjPtr vm,
+                   virStorageSourcePtr src,
+                   bool deny)
+{
+    return qemuSetImageCgroupInternal(vm, src, deny, false);
+}
+
+
+int
 qemuSetupDiskCgroup(virDomainObjPtr vm,
                     virDomainDiskDefPtr disk)
 {
     virStorageSourcePtr next;
+    bool forceReadonly = false;

     for (next = disk->src; next; next = next->backingStore) {
-        if (qemuSetImageCgroup(vm, next, false) < 0)
+        if (qemuSetImageCgroupInternal(vm, next, false, forceReadonly) < 0)
             return -1;
+
+        /* setup only the top level image for read-write */
+        forceReadonly = true;
     }

     return 0;
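Review bot: The public wrapper qemuSetImageCgroup hard-codes `forceReadonly = false`, so it keeps the previous behaviour of granting write access whenever `src->readonly` is clear, without knowing whether `src` is the top of a chain. Any caller that walks a backing chain through the wrapper instead of through qemuSetupDiskCgroup would therefore still put backing images into the cgroup read-write; no such caller is visible in this patch, so this is a contract caveat rather than a demonstrated defect. A comment on the wrapper would make the intended use explicit, e.g. `/* For a single image only; walking a backing chain must go through qemuSetupDiskCgroup so that members below the top level stay read-only. */`. The closing brace of qemuSetupDiskCgroup lies outside the hunk.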
-- 
1.9.3




