[pve-devel] applied: [PATCH container] fix #1874: autodev hook: setup devices cgroup

Thomas Lamprecht t.lamprecht at proxmox.com
Tue Sep 4 14:54:03 CEST 2018


On 8/21/18 9:57 AM, Wolfgang Bumiller wrote:
> Currently the autodev hook only adds device nodes, but in
> order for the container to use them we also need to add
> entries to the devices cgroup to both the limiting and the
> namespaced devices cgroup directory.
> 
> Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
> ---
>  src/lxc-pve-autodev-hook | 25 +++++++++++++++++++++++++
>  1 file changed, 25 insertions(+)
> 
> diff --git a/src/lxc-pve-autodev-hook b/src/lxc-pve-autodev-hook
> index d8f5012..c934bfd 100755
> --- a/src/lxc-pve-autodev-hook
> +++ b/src/lxc-pve-autodev-hook
> @@ -29,6 +29,21 @@ if (! open $fd, '<', $devlist_file) {
>      die "failed to open device list: $!\n";
>  }
>  
> +sub cgroup_do_write($$) {
> +    my ($path, $value) = @_;
> +    my $fd;
> +    if (!open($fd, '>', $path)) {
> +	warn "failed to open cgroup file $path: $!\n";
> +	return 0;
> +    }
> +    if (!defined syswrite($fd, $value)) {
> +	warn "failed to write value $value to cgroup file $path: $!\n";
> +	return 0;
> +    }
> +    close($fd);
> +    return 1;
> +}
> +
>  while (defined(my $line = <$fd>)) {
>      if ($line !~ m@^(b):(\d+):(\d+):/dev/(\S+)\s*$@) {
>  	warn "invalid .pve-devices entry: $line\n";
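Review bot: Inside `cgroup_do_write` the lexical `my $fd` reuses the name of the script's `$fd`, which holds the device-list handle opened just above and read by the `while` loop right after the sub. A later edit that drops the `my` would silently replace the list handle, so a distinct name such as `my $cg_fh;` is safer. The `($$)` prototype only changes how calls are parsed and validates nothing, so it can be dropped. The sub would also benefit from a header comment such as `# Write $value to the cgroup control file $path; warns and returns 0 on failure, 1 on success.`, since callers depend on that return convention.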
> @@ -60,6 +75,16 @@ while (defined(my $line = <$fd>)) {
>  	chomp $mapped_name;
>  	symlink("/dev/$dev", "$root/dev/mapper/$mapped_name");
>      }
> +
> +    my $cgbase = "/sys/fs/cgroup/devices/lxc/$vmid";
> +    my $limitpath = "$cgbase/devices.allow";
> +    my $nspath = "$cgbase/ns/devices.allow";
> +    if (!cgroup_do_write($limitpath, "$type $major:$minor rwm")) {
> +	warn "failed to allow access to device $dev ($major:$minor)\n";
> +    }
> +    if (!cgroup_do_write($nspath, "$type $major:$minor rwm")) {
> +	warn "failed to allow access to device $dev ($major:$minor) inside the namespace\n";
> +    }
>  }
>  close $fd;
>  
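Review bot: Both `devices.allow` writes grant `rwm`, and the `m` bit additionally permits mknod for that device from inside the container, although the hook already creates the node on the container's behalf. Unless a guest workload is known to need it, `"$type $major:$minor rw"` would be the narrower grant for the limiting and the namespaced cgroup alike. `$vmid` is interpolated into `$cgbase`, and where it comes from is not visible in this hunk, so it is worth confirming that it is restricted to digits before it is used in a `/sys/fs/cgroup` path. A failed write only warns, so the container can start with a device node it cannot open; a short comment saying this is deliberate best-effort would help the next reader. The enclosing `while` loop body starts outside the hunk.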
> 

applied


