cgroup: Separate devices.list cgroup restoring

Now restore_special_property() only deals which special property restore and restore_devices_list() deals with devices.list. BTW, let's have two variables dev_allow and dev_deny on stack to simplify it - all this fuss with old_val and old_name kills the fun. Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com> Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>

cgroup: Separate devices.list cgroup restoring
Now restore_special_property() only deals which special property restore and restore_devices_list() deals with devices.list. BTW, let's have two variables dev_allow and dev_deny on stack to simplify it - all this fuss with old_val and old_name kills the fun. Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com> Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
831d155c · Dmitry Safonov · Andrei Vagin · f14cdada · 831d155c
Commit 831d155c authored Jul 25, 2017 by Dmitry Safonov Committed by Andrei Vagin Nov 21, 2017
Show whitespace changes
Inline Side-by-side

Showing with 46 additions and 49 deletions

cgroup.c criu/cgroup.c +46 -49

No files found.
--- a/criu/cgroup.c
+++ b/criu/cgroup.c
@@ -1371,78 +1371,75 @@ int prepare_cgroup_properties(void)
 	return 0;
 }
-static int restore_special_property(char *paux, size_t off, CgroupPropEntry *pr)
+/*
-{
-	/*
-	 * XXX: we can drop this hack and make memory.swappiness and
-	 * memory.oom_control regular properties when we drop support for
-	 * kernels < 3.16. See 3dae7fec5.
-	 */
-	if (!strcmp(pr->name, "memory.swappiness") && !strcmp(pr->value, "60"))
-		return 0;
-	if (!strcmp(pr->name, "memory.oom_control") && !strcmp(pr->value, "0"))
-		return 0;
-	if (!strcmp(pr->name, "devices.list")) {
-		/*
 * The devices cgroup must be restored in a special way:
-		 * only the contents of devices.list can be read, and it
+ * only the contents of devices.list can be read, and it is a whitelist
-		 * is a whitelist of all the devices the cgroup is allowed
+ * of all the devices the cgroup is allowed to create. To re-create
-		 * to create. To re-create this whitelist, we firstly deny
+ * this whitelist, we firstly deny everything via devices.deny,
-		 * everything via devices.deny, and then write the list back
+ * and then write the list back into devices.allow.
-		 * into devices.allow.
 *
-		 * Further, we must have a write() call for each line,
+ * Further, we must have a write() call for each line, because the kernel
-		 * because the kernel only parses the first line of
+ * only parses the first line of any write().
-		 * any write().
 */
-		CgroupPropEntry *pe = pr;
+static int restore_devices_list(char *paux, size_t off, CgroupPropEntry *pr)
-		char *old_val = pe->value, *old_name = pe->name;
+{
-		int ret;
+	CgroupPropEntry dev_allow = *pr;
+	CgroupPropEntry dev_deny = *pr;
 	char *pos;
+	int ret;
-		/*
+	dev_allow.name = "devices.allow";
-		 * A bit of a fudge here. These are write only by owner
+	dev_deny.name = "devices.deny";
-		 * by default, but the container engine could have changed
+	dev_deny.value = "a";
-		 * the perms. We should come up with a better way to
-		 * restore all of this stuff.
-		 */
-		pe->perms->mode = 0200;
-		pe->name = "devices.deny";
+	ret = restore_cgroup_prop(&dev_deny, paux, off);
-		pe->value = "a";
-		ret = restore_cgroup_prop(pr, paux, off);
-		pe->name = old_name;
-		pe->value = old_val;
 	/*
 	 * An emptry string here means nothing is allowed,
 	 * and the kernel disallows writing an "" to devices.allow,
 	 * so let's just keep going.
 	 */
-		if (!strcmp(pe->value, ""))
+	if (!strcmp(dev_allow.value, ""))
 		return 0;
 	if (ret < 0)
 		return -1;
-		pe->name = "devices.allow";
+	pos = dev_allow.value;
-		pos = pe->value;
 	while (*pos) {
 		int offset = next_device_entry(pos);
-			pe->value = pos;
-			ret = restore_cgroup_prop(pe, paux, off);
+		dev_allow.value = pos;
-			if (ret < 0) {
+		ret = restore_cgroup_prop(&dev_allow, paux, off);
-				pe->name = old_name;
+		if (ret < 0)
-				pe->value = old_val;
 			return -1;
-			}
 		pos += offset;
 	}
-		pe->value = old_val;
-		pe->name = old_name;
 	return 0;
+}
+static int restore_special_property(char *paux, size_t off, CgroupPropEntry *pr)
+{
+	/*
+	 * XXX: we can drop this hack and make memory.swappiness and
+	 * memory.oom_control regular properties when we drop support for
+	 * kernels < 3.16. See 3dae7fec5.
+	 */
+	if (!strcmp(pr->name, "memory.swappiness") && !strcmp(pr->value, "60"))
+		return 0;
+	if (!strcmp(pr->name, "memory.oom_control") && !strcmp(pr->value, "0"))
+		return 0;
+	if (!strcmp(pr->name, "devices.list")) {
+		/*
+		 * A bit of a fudge here. These are write only by owner
+		 * by default, but the container engine could have changed
+		 * the perms. We should come up with a better way to
+		 * restore all of this stuff.
+		 */
+		pr->perms->mode = 0200;
+		return restore_devices_list(paux, off, pr);
 	}
 	return restore_cgroup_prop(pr, paux, off);