libct/cg/sd: use systemd v240+ new MAJOR:* syntax
Since systemd v240 (commit 8e8b5d2e6d91180a), one can use
/dev/{char,block}-MAJOR syntax to specify that all MAJOR:*
devices are allowed.

Use it, if available, since it's more straightforward, plus
we can skip somewhat expensive parsing of /proc/devices.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
kolyshkin committed Jun 13, 2023
1 parent d161491 commit 46dadfb
Showing 1 changed file with 23 additions and 13 deletions.
36 changes: 23 additions & 13 deletions libcontainer/cgroups/devices/systemd.go
@@ -83,11 +83,12 @@ func systemdProperties(r *configs.Resources, sdVer int) ([]systemdDbus.Property,
// cannot add whitelist rules for devices that don't exist. Since v240,
// device properties are parsed from the path string.
//
// However, path globbing is not support for path-based rules so we
// However, path globbing is not supported for path-based rules so we
// need to handle wildcards in some other manner.
//
// * Wildcard-minor rules have to specify a "device group name" (the
// second column in /proc/devices).
// * If systemd older than v240 is used, wildcard-minor rules
// have to specify a "device group name" (the second column
// in /proc/devices).
//
// * Wildcard (major and minor) rules can just specify a glob with the
// type ("char-*" or "block-*").
@@ -110,17 +111,26 @@ func systemdProperties(r *configs.Resources, sdVer int) ([]systemdDbus.Property,
}
entry.Path = prefix + "*"
} else if rule.Minor == devices.Wildcard {
// "_ n:* _" rules require a device group from /proc/devices.
group, err := findDeviceGroup(rule.Type, rule.Major)
if err != nil {
return nil, fmt.Errorf("unable to find device '%v/%d': %w", rule.Type, rule.Major, err)
}
if group == "" {
// Couldn't find a group.
logrus.Warnf("could not find device group for '%v/%d' in /proc/devices -- temporarily ignoring rule: %v", rule.Type, rule.Major, *rule)
continue
if sdVer >= 240 {
// systemd v240+ allows for {block,char}-MAJOR syntax.
prefix, err := groupPrefix(rule.Type)
if err != nil {
return nil, err
}
entry.Path = prefix + strconv.FormatInt(rule.Major, 10)
} else {
// For older systemd, "_ n:* _" rules require a device group from /proc/devices.
group, err := findDeviceGroup(rule.Type, rule.Major)
if err != nil {
return nil, fmt.Errorf("unable to find device '%v/%d': %w", rule.Type, rule.Major, err)
}
if group == "" {
// Couldn't find a group.
logrus.Warnf("could not find device group for '%v/%d' in /proc/devices -- temporarily ignoring rule: %v", rule.Type, rule.Major, *rule)
continue
}
entry.Path = group
}
entry.Path = group
} else {
// "_ n:m _" rules are just a path in /dev/{block,char}/.
switch rule.Type {
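Review bot: The new `sdVer >= 240` branch drops the /proc/devices lookup without recording that this changes which rules reach systemd. The fallback path skips a wildcard-minor rule with a warning when no group is found, while the new path always sets `entry.Path` to the numeric form. For a device allow-list that difference belongs next to the branch, e.g. `// Unlike the pre-v240 path, no /proc/devices lookup is done, so the rule is emitted even if no driver has registered this major.` The comment could also say that the entry now names exactly `rule.Major` rather than a device group name, which I believe systemd may resolve to every major registered under that name; please confirm against the systemd documentation. `systemdProperties` begins and ends outside the hunks shown, so how `sdVer` is obtained and whether `rule.Major` is range-checked before this point cannot be confirmed from here.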