commands: improve bpf device program management

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/commands.c b/src/lxc/commands.c
index 2fbe73f71d9d2ef879e83a7945d7043d08fc9abc..0a27207d01621f64580c60ff3f31d9c813d8d2f0 100644 (file)
--- a/src/lxc/commands.c
+++ b/src/lxc/commands.c
@@ -1237,9 +1237,20 @@ static int lxc_cmd_add_bpf_device_cgroup_callback(int fd, struct lxc_cmd_req *re
        if (ret)
                goto respond;
 
+       bpf_device_set_type(devices, &conf->devices);
+       TRACE("Device bpf %s all devices by default",
+             bpf_device_block_all(devices) ? "blocks" : "allows");
+
        lxc_list_for_each(it, &conf->devices) {
                struct device_item *cur = it->elem;
 
+               if (!bpf_device_add(devices, cur)) {
+                       TRACE("Skipping type %c, major %d, minor %d, access %s, allow %d",
+                             cur->type, cur->major, cur->minor, cur->access,
+                             cur->allow);
+                       continue;
+               }
+
                ret = bpf_program_append_device(devices, cur);
                if (ret)
                        goto respond;