cgroup: restore devices.deny line by line

The kernel only reads the first line of any write(), so let's write line by line. Right now as far as I know devices.deny is the only cgroup property which must be written line by line. I could move this code to restore_cgroup_prop if we expect more of these, though. Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>

cgroup: restore devices.deny line by line
The kernel only reads the first line of any write(), so let's write line by line. Right now as far as I know devices.deny is the only cgroup property which must be written line by line. I could move this code to restore_cgroup_prop if we expect more of these, though. Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
31e2d895 · Tycho Andersen · Pavel Emelyanov · 0adf80cd · 31e2d895
Commit 31e2d895 authored Jul 01, 2016 by Tycho Andersen Committed by Pavel Emelyanov Jul 07, 2016
Show whitespace changes
Inline Side-by-side

Showing with 35 additions and 1 deletion

cgroup.c criu/cgroup.c +35 -1

No files found.
--- a/criu/cgroup.c
+++ b/criu/cgroup.c
@@ -1246,6 +1246,24 @@ static void add_freezer_state_for_restore(CgroupPropEntry *entry, char *path, si
 	freezer_path[path_len] = 0;
 }

+static void advance_device_entry(char **buf)
+{
+	char *pos = *buf;
+
+	while (1) {
+		if (*pos == '\n') {
+			pos++;
+			break;
+		} else if (*pos == '\0') {
+			break;
+		}
+
+		pos++;
+	}
+
+	*buf = pos;
+}
+
 static int prepare_cgroup_dir_properties(char *path, int off, CgroupDirEntry **ents,
 					 unsigned int n_ents)
 {
@@ -1292,11 +1310,16 @@ static int prepare_cgroup_dir_properties(char *path, int off, CgroupDirEntry **e
 				 * whitelist, we first deny everything via
 				 * devices.deny, and then write the list back
 				 * into devices.allow.
+				 *
+				 * Further, we must have a write() call for
+				 * each line, because the kernel only parses
+				 * the first line of any write().
 				 */
 				if (!strcmp(e->properties[j]->name, "devices.list")) {
 					CgroupPropEntry *pe = e->properties[j];
 					char *old_val = pe->value, *old_name = pe->name;
 					int ret;
+					char *pos;

 					/* A bit of a fudge here. These are
 					 * write only by owner by default, but
@@ -1322,11 +1345,22 @@ static int prepare_cgroup_dir_properties(char *path, int off, CgroupDirEntry **e
 						return -1;
 					}
 					xfree(old_name);
+
+					for (pos = pe->value; *pos; advance_device_entry(&pos)) {
+						pe->value = pos;
+						ret = restore_cgroup_prop(pe, path, off2);
+						if (ret < 0) {
+							pe->value = old_val;
+							return -1;
 						}
+					}
+					pe->value = old_val;

-				if (restore_cgroup_prop(e->properties[j], path, off2) < 0)
+				} else if (restore_cgroup_prop(e->properties[j], path, off2) < 0) {
 					return -1;
 				}
+
+			}
 		}
 skip:
 		if (prepare_cgroup_dir_properties(path, off2, e->children, e->n_children) < 0)