diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index cb1566d560..4b40612198 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1189,7 +1189,6 @@ virCgroupAddTask; virCgroupAddTaskController; virCgroupAllowAllDevices; virCgroupAllowDevice; -virCgroupAllowDeviceMajor; virCgroupAllowDevicePath; virCgroupAvailable; virCgroupBindMount; @@ -1198,7 +1197,6 @@ virCgroupControllerTypeFromString; virCgroupControllerTypeToString; virCgroupDenyAllDevices; virCgroupDenyDevice; -virCgroupDenyDeviceMajor; virCgroupDenyDevicePath; virCgroupDetectMountsFromFile; virCgroupFree; diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c index 31489466cf..60805af992 100644 --- a/src/lxc/lxc_cgroup.c +++ b/src/lxc/lxc_cgroup.c @@ -466,8 +466,8 @@ static int virLXCCgroupSetupDeviceACL(virDomainDefPtr def, } } - if (virCgroupAllowDeviceMajor(cgroup, 'c', LXC_DEV_MAJ_PTY, - VIR_CGROUP_DEVICE_RWM) < 0) + if (virCgroupAllowDevice(cgroup, 'c', LXC_DEV_MAJ_PTY, -1, + VIR_CGROUP_DEVICE_RWM) < 0) goto cleanup; VIR_DEBUG("Device whitelist complete"); diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 7579f4295e..5a4cd555dd 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -558,8 +558,8 @@ qemuSetupDevicesCgroup(virQEMUDriverPtr driver, goto cleanup; } - rv = virCgroupAllowDeviceMajor(priv->cgroup, 'c', DEVICE_PTY_MAJOR, - VIR_CGROUP_DEVICE_RW); + rv = virCgroupAllowDevice(priv->cgroup, 'c', DEVICE_PTY_MAJOR, -1, + VIR_CGROUP_DEVICE_RW); virDomainAuditCgroupMajor(vm, priv->cgroup, "allow", DEVICE_PTY_MAJOR, "pty", "rw", rv == 0); if (rv < 0) @@ -576,8 +576,8 @@ qemuSetupDevicesCgroup(virQEMUDriverPtr driver, ((vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC && cfg->vncAllowHostAudio) || (vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL))))) { - rv = virCgroupAllowDeviceMajor(priv->cgroup, 'c', DEVICE_SND_MAJOR, - VIR_CGROUP_DEVICE_RW); + rv = virCgroupAllowDevice(priv->cgroup, 'c', DEVICE_SND_MAJOR, -1, + VIR_CGROUP_DEVICE_RW); virDomainAuditCgroupMajor(vm, priv->cgroup, "allow", DEVICE_SND_MAJOR, "sound", "rw", rv == 0); if (rv < 0) diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c index ab0cd475b6..a35bac73e1 100644 --- a/src/util/vircgroup.c +++ b/src/util/vircgroup.c @@ -2980,41 +2980,6 @@ virCgroupAllowDevice(virCgroupPtr group, char type, int major, int minor, } -/** - * virCgroupAllowDeviceMajor: - * - * @group: The cgroup to allow an entire device major type for - * @type: The device type (i.e., 'c' or 'b') - * @major: The major number of the device type - * @perms: Bitwise or of VIR_CGROUP_DEVICE permission bits to allow - * - * Returns: 0 on success - */ -int -virCgroupAllowDeviceMajor(virCgroupPtr group, char type, int major, - int perms) -{ - int ret = -1; - char *devstr = NULL; - - if (virAsprintf(&devstr, "%c %i:* %s", type, major, - virCgroupGetDevicePermsString(perms)) < 0) - goto cleanup; - - if (virCgroupSetValueStr(group, - VIR_CGROUP_CONTROLLER_DEVICES, - "devices.allow", - devstr) < 0) - goto cleanup; - - ret = 0; - - cleanup: - VIR_FREE(devstr); - return ret; -} - - /** * virCgroupAllowDevicePath: * @@ -3099,41 +3064,6 @@ virCgroupDenyDevice(virCgroupPtr group, char type, int major, int minor, } -/** - * virCgroupDenyDeviceMajor: - * - * @group: The cgroup to deny an entire device major type for - * @type: The device type (i.e., 'c' or 'b') - * @major: The major number of the device type - * @perms: Bitwise or of VIR_CGROUP_DEVICE permission bits to deny - * - * Returns: 0 on success - */ -int -virCgroupDenyDeviceMajor(virCgroupPtr group, char type, int major, - int perms) -{ - int ret = -1; - char *devstr = NULL; - - if (virAsprintf(&devstr, "%c %i:* %s", type, major, - virCgroupGetDevicePermsString(perms)) < 0) - goto cleanup; - - if (virCgroupSetValueStr(group, - VIR_CGROUP_CONTROLLER_DEVICES, - "devices.deny", - devstr) < 0) - goto cleanup; - - ret = 0; - - cleanup: - VIR_FREE(devstr); - return ret; -} - - int virCgroupDenyDevicePath(virCgroupPtr group, const char *path, int perms) { @@ -4704,18 +4634,6 @@ virCgroupAllowDevice(virCgroupPtr group ATTRIBUTE_UNUSED, } -int -virCgroupAllowDeviceMajor(virCgroupPtr group ATTRIBUTE_UNUSED, - char type ATTRIBUTE_UNUSED, - int major ATTRIBUTE_UNUSED, - int perms ATTRIBUTE_UNUSED) -{ - virReportSystemError(ENOSYS, "%s", - _("Control groups not supported on this platform")); - return -1; -} - - int virCgroupAllowDevicePath(virCgroupPtr group ATTRIBUTE_UNUSED, const char *path ATTRIBUTE_UNUSED, @@ -4740,18 +4658,6 @@ virCgroupDenyDevice(virCgroupPtr group ATTRIBUTE_UNUSED, } -int -virCgroupDenyDeviceMajor(virCgroupPtr group ATTRIBUTE_UNUSED, - char type ATTRIBUTE_UNUSED, - int major ATTRIBUTE_UNUSED, - int perms ATTRIBUTE_UNUSED) -{ - virReportSystemError(ENOSYS, "%s", - _("Control groups not supported on this platform")); - return -1; -} - - int virCgroupDenyDevicePath(virCgroupPtr group ATTRIBUTE_UNUSED, const char *path ATTRIBUTE_UNUSED, diff --git a/src/util/vircgroup.h b/src/util/vircgroup.h index aeb641c18a..0f687a5c43 100644 --- a/src/util/vircgroup.h +++ b/src/util/vircgroup.h @@ -220,10 +220,6 @@ int virCgroupAllowDevice(virCgroupPtr group, int major, int minor, int perms); -int virCgroupAllowDeviceMajor(virCgroupPtr group, - char type, - int major, - int perms); int virCgroupAllowDevicePath(virCgroupPtr group, const char *path, int perms); @@ -233,10 +229,6 @@ int virCgroupDenyDevice(virCgroupPtr group, int major, int minor, int perms); -int virCgroupDenyDeviceMajor(virCgroupPtr group, - char type, - int major, - int perms); int virCgroupDenyDevicePath(virCgroupPtr group, const char *path, int perms);