[pve-devel] applied: [PATCH container] fix #1874: autodev hook: setup devices cgroup
Thomas Lamprecht
t.lamprecht at proxmox.com
Tue Sep 4 14:54:03 CEST 2018
On 8/21/18 9:57 AM, Wolfgang Bumiller wrote:
> Currently the autodev hook only adds device nodes, but in
> order for the container to use them we also need to add
> entries to the devices cgroup to both the limiting and the
> namespaced devices cgroup directory.
>
> Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
> ---
> src/lxc-pve-autodev-hook | 25 +++++++++++++++++++++++++
> 1 file changed, 25 insertions(+)
>
> diff --git a/src/lxc-pve-autodev-hook b/src/lxc-pve-autodev-hook
> index d8f5012..c934bfd 100755
> --- a/src/lxc-pve-autodev-hook
> +++ b/src/lxc-pve-autodev-hook
> @@ -29,6 +29,21 @@ if (! open $fd, '<', $devlist_file) {
> die "failed to open device list: $!\n";
> }
>
> +sub cgroup_do_write($$) {
> + my ($path, $value) = @_;
> + my $fd;
> + if (!open($fd, '>', $path)) {
> + warn "failed to open cgroup file $path: $!\n";
> + return 0;
> + }
> + if (!defined syswrite($fd, $value)) {
> + warn "failed to write value $value to cgroup file $path: $!\n";
> + return 0;
> + }
> + close($fd);
> + return 1;
> +}
> +
> while (defined(my $line = <$fd>)) {
> if ($line !~ m@^(b):(\d+):(\d+):/dev/(\S+)\s*$@) {
> warn "invalid .pve-devices entry: $line\n";
> @@ -60,6 +75,16 @@ while (defined(my $line = <$fd>)) {
> chomp $mapped_name;
> symlink("/dev/$dev", "$root/dev/mapper/$mapped_name");
> }
> +
> + my $cgbase = "/sys/fs/cgroup/devices/lxc/$vmid";
> + my $limitpath = "$cgbase/devices.allow";
> + my $nspath = "$cgbase/ns/devices.allow";
> + if (!cgroup_do_write($limitpath, "$type $major:$minor rwm")) {
> + warn "failed to allow access to device $dev ($major:$minor)\n";
> + }
> + if (!cgroup_do_write($nspath, "$type $major:$minor rwm")) {
> + warn "failed to allow access to device $dev ($major:$minor) inside the namespace\n";
> + }
> }
> close $fd;
>
>
applied
More information about the pve-devel
mailing list