NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

qemu: cgroup: Setup only the top level disk image for read-write access

Browse Source 
Only the top level gets writes, so the rest of the backing chain
requires only read-only access.
This commit is contained in:
Peter Krempa 2014-06-20 14:05:05 +02:00
parent aa53c77e1d
commit 1ba14d6df2
1 changed files with 20 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/qemu/qemu_cgroup.c
View File

@ -49,10 +49,11 @@ static const char *const defaultDeviceACL[] = {
#define DEVICE_PTY_MAJOR 136 #define DEVICE_PTY_MAJOR 136
#define DEVICE_SND_MAJOR 116 #define DEVICE_SND_MAJOR 116
int static int
qemuSetImageCgroup(virDomainObjPtr vm, qemuSetImageCgroupInternal(virDomainObjPtr vm,
virStorageSourcePtr src, virStorageSourcePtr src,
bool deny) bool deny,
bool forceReadonly)
{ {
qemuDomainObjPrivatePtr priv = vm->privateData; qemuDomainObjPrivatePtr priv = vm->privateData;
int perms = VIR_CGROUP_DEVICE_READ; int perms = VIR_CGROUP_DEVICE_READ;
@ -75,7 +76,7 @@ qemuSetImageCgroup(virDomainObjPtr vm,
ret = virCgroupDenyDevicePath(priv->cgroup, src->path, perms); ret = virCgroupDenyDevicePath(priv->cgroup, src->path, perms);
} else { } else {
if (!src->readonly) if (!src->readonly && !forceReadonly)
perms |= VIR_CGROUP_DEVICE_WRITE; perms |= VIR_CGROUP_DEVICE_WRITE;
VIR_DEBUG("Allow path %s, perms: %s", VIR_DEBUG("Allow path %s, perms: %s",
@ -102,15 +103,28 @@ qemuSetImageCgroup(virDomainObjPtr vm,
} }
int
qemuSetImageCgroup(virDomainObjPtr vm,
virStorageSourcePtr src,
bool deny)
{
return qemuSetImageCgroupInternal(vm, src, deny, false);
}
int int
qemuSetupDiskCgroup(virDomainObjPtr vm, qemuSetupDiskCgroup(virDomainObjPtr vm,
virDomainDiskDefPtr disk) virDomainDiskDefPtr disk)
{ {
virStorageSourcePtr next; virStorageSourcePtr next;
bool forceReadonly = false;
for (next = disk->src; next; next = next->backingStore) { for (next = disk->src; next; next = next->backingStore) {
if (qemuSetImageCgroup(vm, next, false) < 0) if (qemuSetImageCgroupInternal(vm, next, false, forceReadonly) < 0)
return -1; return -1;
/* setup only the top level image for read-write */
forceReadonly = true;
} }
return 0; return 0;