In PCS7 cgroups are configured from user space, so there is no longer connection from ve to device cgroup via css as it was in PCS6. Instead we should open device cgroup explicitly.
https://jira.sw.ru/browse/PSBM-33555 Signed-off-by: Cyrill Gorcunov <[email protected]> CC: Vladimir Davydov <[email protected]> CC: Konstantin Khorenko <[email protected]> CC: Andrey Vagin <[email protected]> --- include/linux/device_cgroup.h | 2 +- kernel/ve/vecalls.c | 2 +- security/device_cgroup.c | 11 +++++++++-- 3 files changed, 11 insertions(+), 4 deletions(-) Index: linux-pcs7.git/include/linux/device_cgroup.h =================================================================== --- linux-pcs7.git.orig/include/linux/device_cgroup.h +++ linux-pcs7.git/include/linux/device_cgroup.h @@ -19,7 +19,7 @@ extern int devcgroup_device_visible(umod struct cgroup; int devcgroup_default_perms_ve(struct cgroup *cgroup); int devcgroup_set_perms_ve(struct cgroup *cgroup, unsigned, dev_t, unsigned); -int devcgroup_seq_show_ve(struct cgroup *cgroup, unsigned veid, struct seq_file *m); +int devcgroup_seq_show_ve(struct cgroup *devices_root, envid_t veid, struct seq_file *m); #else static inline int devcgroup_inode_permission(struct inode *inode, int mask) Index: linux-pcs7.git/kernel/ve/vecalls.c =================================================================== --- linux-pcs7.git.orig/kernel/ve/vecalls.c +++ linux-pcs7.git/kernel/ve/vecalls.c @@ -891,7 +891,7 @@ static int devperms_seq_show(struct seq_ if (ve_is_super(ve)) seq_printf(m, "%10u b 016 *:*\n%10u c 006 *:*\n", 0, 0); else - devcgroup_seq_show_ve(ve->css.cgroup, ve->veid, m); + devcgroup_seq_show_ve(devices_root, ve->veid, m); return 0; } Index: linux-pcs7.git/security/device_cgroup.c =================================================================== --- linux-pcs7.git.orig/security/device_cgroup.c +++ linux-pcs7.git/security/device_cgroup.c @@ -1091,10 +1091,16 @@ int devcgroup_set_perms_ve(struct cgroup } EXPORT_SYMBOL(devcgroup_set_perms_ve); -int devcgroup_seq_show_ve(struct cgroup *cgroup, unsigned veid, struct seq_file *m) +int devcgroup_seq_show_ve(struct cgroup *devices_root, envid_t veid, struct seq_file *m) { - struct dev_cgroup *devcgroup = cgroup_to_devcgroup(cgroup); struct dev_exception_item *wh; + struct dev_cgroup *devcgroup; + struct cgroup *cgroup; + + cgroup = ve_cgroup_open(devices_root, 0, veid); + if (IS_ERR(cgroup)) + return PTR_ERR(cgroup); + devcgroup = cgroup_to_devcgroup(cgroup); rcu_read_lock(); list_for_each_entry_rcu(wh, &devcgroup->exceptions, list) { @@ -1118,6 +1124,7 @@ int devcgroup_seq_show_ve(struct cgroup } rcu_read_unlock(); + cgroup_kernel_close(cgroup); return 0; } EXPORT_SYMBOL(devcgroup_seq_show_ve); _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
