util: cgroup: Drop virCgroup(Allow|Deny)DeviceMajor

Since commit 47e5b5ae virCgroupAllowDevice allows to pass -1 as either
the minor or major device number and it automatically uses '*' in place
of that. Reuse the new approach through the code and drop the duplicated
functions.

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index cb1566d560271e7c8377db91a7fdb8e9511e5df9..4b406121988112b09d1c12d706167a52fb9dc79e 100644 (file)
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1189,7 +1189,6 @@ virCgroupAddTask;
 virCgroupAddTaskController;
 virCgroupAllowAllDevices;
 virCgroupAllowDevice;
-virCgroupAllowDeviceMajor;
 virCgroupAllowDevicePath;
 virCgroupAvailable;
 virCgroupBindMount;
@@ -1198,7 +1197,6 @@ virCgroupControllerTypeFromString;
 virCgroupControllerTypeToString;
 virCgroupDenyAllDevices;
 virCgroupDenyDevice;
-virCgroupDenyDeviceMajor;
 virCgroupDenyDevicePath;
 virCgroupDetectMountsFromFile;
 virCgroupFree;

diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
index 31489466cfbf18b8a58593eec64e9283f26cf000..60805af992b58675e84d7097863e94fa8561b03a 100644 (file)
--- a/src/lxc/lxc_cgroup.c
+++ b/src/lxc/lxc_cgroup.c
@@ -466,8 +466,8 @@ static int virLXCCgroupSetupDeviceACL(virDomainDefPtr def,
         }
     }
 
-    if (virCgroupAllowDeviceMajor(cgroup, 'c', LXC_DEV_MAJ_PTY,
-                                  VIR_CGROUP_DEVICE_RWM) < 0)
+    if (virCgroupAllowDevice(cgroup, 'c', LXC_DEV_MAJ_PTY, -1,
+                             VIR_CGROUP_DEVICE_RWM) < 0)
         goto cleanup;
 
     VIR_DEBUG("Device whitelist complete");

diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 7579f4295e471e66d522dda90aa19e02bb214ce8..5a4cd555ddf363826b823c2ada6981eea8b98c10 100644 (file)
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -558,8 +558,8 @@ qemuSetupDevicesCgroup(virQEMUDriverPtr driver,
             goto cleanup;
     }
 
-    rv = virCgroupAllowDeviceMajor(priv->cgroup, 'c', DEVICE_PTY_MAJOR,
-                                   VIR_CGROUP_DEVICE_RW);
+    rv = virCgroupAllowDevice(priv->cgroup, 'c', DEVICE_PTY_MAJOR, -1,
+                              VIR_CGROUP_DEVICE_RW);
     virDomainAuditCgroupMajor(vm, priv->cgroup, "allow", DEVICE_PTY_MAJOR,
                               "pty", "rw", rv == 0);
     if (rv < 0)
@@ -576,8 +576,8 @@ qemuSetupDevicesCgroup(virQEMUDriverPtr driver,
           ((vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
            cfg->vncAllowHostAudio) ||
            (vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL))))) {
-        rv = virCgroupAllowDeviceMajor(priv->cgroup, 'c', DEVICE_SND_MAJOR,
-                                       VIR_CGROUP_DEVICE_RW);
+        rv = virCgroupAllowDevice(priv->cgroup, 'c', DEVICE_SND_MAJOR, -1,
+                                  VIR_CGROUP_DEVICE_RW);
         virDomainAuditCgroupMajor(vm, priv->cgroup, "allow", DEVICE_SND_MAJOR,
                                   "sound", "rw", rv == 0);
         if (rv < 0)

diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index ab0cd475b6dc33d7a5fd2938c00d24aca4787b50..a35bac73e103f450436e0f6cb74917f8df9a94b3 100644 (file)
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -2980,41 +2980,6 @@ virCgroupAllowDevice(virCgroupPtr group, char type, int major, int minor,
 }
 
 
-/**
- * virCgroupAllowDeviceMajor:
- *
- * @group: The cgroup to allow an entire device major type for
- * @type: The device type (i.e., 'c' or 'b')
- * @major: The major number of the device type
- * @perms: Bitwise or of VIR_CGROUP_DEVICE permission bits to allow
- *
- * Returns: 0 on success
- */
-int
-virCgroupAllowDeviceMajor(virCgroupPtr group, char type, int major,
-                          int perms)
-{
-    int ret = -1;
-    char *devstr = NULL;
-
-    if (virAsprintf(&devstr, "%c %i:* %s", type, major,
-                    virCgroupGetDevicePermsString(perms)) < 0)
-        goto cleanup;
-
-    if (virCgroupSetValueStr(group,
-                             VIR_CGROUP_CONTROLLER_DEVICES,
-                             "devices.allow",
-                             devstr) < 0)
-        goto cleanup;
-
-    ret = 0;
-
- cleanup:
-    VIR_FREE(devstr);
-    return ret;
-}
-
-
 /**
  * virCgroupAllowDevicePath:
  *
@@ -3099,41 +3064,6 @@ virCgroupDenyDevice(virCgroupPtr group, char type, int major, int minor,
 }
 
 
-/**
- * virCgroupDenyDeviceMajor:
- *
- * @group: The cgroup to deny an entire device major type for
- * @type: The device type (i.e., 'c' or 'b')
- * @major: The major number of the device type
- * @perms: Bitwise or of VIR_CGROUP_DEVICE permission bits to deny
- *
- * Returns: 0 on success
- */
-int
-virCgroupDenyDeviceMajor(virCgroupPtr group, char type, int major,
-                         int perms)
-{
-    int ret = -1;
-    char *devstr = NULL;
-
-    if (virAsprintf(&devstr, "%c %i:* %s", type, major,
-                    virCgroupGetDevicePermsString(perms)) < 0)
-        goto cleanup;
-
-    if (virCgroupSetValueStr(group,
-                             VIR_CGROUP_CONTROLLER_DEVICES,
-                             "devices.deny",
-                             devstr) < 0)
-        goto cleanup;
-
-    ret = 0;
-
- cleanup:
-    VIR_FREE(devstr);
-    return ret;
-}
-
-
 int
 virCgroupDenyDevicePath(virCgroupPtr group, const char *path, int perms)
 {
@@ -4704,18 +4634,6 @@ virCgroupAllowDevice(virCgroupPtr group ATTRIBUTE_UNUSED,
 }
 
 
-int
-virCgroupAllowDeviceMajor(virCgroupPtr group ATTRIBUTE_UNUSED,
-                          char type ATTRIBUTE_UNUSED,
-                          int major ATTRIBUTE_UNUSED,
-                          int perms ATTRIBUTE_UNUSED)
-{
-    virReportSystemError(ENOSYS, "%s",
-                         _("Control groups not supported on this platform"));
-    return -1;
-}
-
-
 int
 virCgroupAllowDevicePath(virCgroupPtr group ATTRIBUTE_UNUSED,
                          const char *path ATTRIBUTE_UNUSED,
@@ -4740,18 +4658,6 @@ virCgroupDenyDevice(virCgroupPtr group ATTRIBUTE_UNUSED,
 }
 
 
-int
-virCgroupDenyDeviceMajor(virCgroupPtr group ATTRIBUTE_UNUSED,
-                         char type ATTRIBUTE_UNUSED,
-                         int major ATTRIBUTE_UNUSED,
-                         int perms ATTRIBUTE_UNUSED)
-{
-    virReportSystemError(ENOSYS, "%s",
-                         _("Control groups not supported on this platform"));
-    return -1;
-}
-
-
 int
 virCgroupDenyDevicePath(virCgroupPtr group ATTRIBUTE_UNUSED,
                         const char *path ATTRIBUTE_UNUSED,

diff --git a/src/util/vircgroup.h b/src/util/vircgroup.h
index aeb641c18a51b49bac27bbbfec5e45ab61606ad9..0f687a5c43c92875173692a4569a1e0b704d6bbd 100644 (file)
--- a/src/util/vircgroup.h
+++ b/src/util/vircgroup.h
@@ -220,10 +220,6 @@ int virCgroupAllowDevice(virCgroupPtr group,
                          int major,
                          int minor,
                          int perms);
-int virCgroupAllowDeviceMajor(virCgroupPtr group,
-                              char type,
-                              int major,
-                              int perms);
 int virCgroupAllowDevicePath(virCgroupPtr group,
                              const char *path,
                              int perms);
@@ -233,10 +229,6 @@ int virCgroupDenyDevice(virCgroupPtr group,
                         int major,
                         int minor,
                         int perms);
-int virCgroupDenyDeviceMajor(virCgroupPtr group,
-                             char type,
-                             int major,
-                             int perms);
 int virCgroupDenyDevicePath(virCgroupPtr group,
                             const char *path,
                             int perms);