add devices controller logic to cgsnapshot tool

This patch adds devices controller logic to cgsnapshot tool
so now it is able to parse devices.

CHANGELOG:
 * incorporate Jan's feedback

EXAMPLE:
# cgget -g devices /dev
/dev:
devices.list=c 1:* wm
devices.deny=
devices.allow=

# cgsnapshot -b samples/blacklist.conf -w samples/whitelist.conf
# Configuration file generated by cgsnapshot
mount {
	cpuset = /cgroup/1;
	cpu = /cgroup/2;
	cpuacct = /cgroup/3;
	memory = /cgroup/4;
	devices = /cgroup/5;
	freezer = /cgroup/6;
	net_cls = /cgroup/7;
}

group dev {
	perm {
		admin {
			uid = root;
			gid = root;
		}
		task {
			uid = root;
			gid = root;
		}
	}
	devices {
		devices.deny="a *:* rwm";
		devices.allow="c 1:* wm";
	}
}

Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>

diff --git a/samples/cgsnapshot_blacklist.conf b/samples/cgsnapshot_blacklist.conf
index ff14b7d9cb7820182f223ae425149521f9a6db35..28924692c15f148d259199f5fba89f940e1a1a9d 100644 (file)
--- a/samples/cgsnapshot_blacklist.conf
+++ b/samples/cgsnapshot_blacklist.conf
@@ -11,8 +11,6 @@ cpuacct.stat
 cpuacct.usage_percpu
 
 #devices
-devices.deny
-devices.allow
 
 #cpuset
 

diff --git a/samples/cgsnapshot_whitelist.conf b/samples/cgsnapshot_whitelist.conf
index c8481ea69762ebf7f2879d39e7948248134ddaba..2c9ab23831b0c2c7b5787e29acdf0db75e15f4fb 100644 (file)
--- a/samples/cgsnapshot_whitelist.conf
+++ b/samples/cgsnapshot_whitelist.conf
@@ -20,6 +20,9 @@ cpu.rt_period_us
 cpuacct.usage
 
 #devices
+devices.deny
+devices.allow
+devices.list
 
 #cpuset
 cpuset.memory_spread_slab

diff --git a/src/tools/cgsnapshot.c b/src/tools/cgsnapshot.c
index 5e2c7adc0dced9ebbed80707962c7741a6943da3..a593f91a747b1b3c8222ee8f8fa0c4643fc40a58 100644 (file)
--- a/src/tools/cgsnapshot.c
+++ b/src/tools/cgsnapshot.c
@@ -280,6 +280,7 @@ static int display_cgroup_data(struct cgroup *group,
        int bl, wl = 0; /* is on the blacklist/whitelist flag */
        int nr_var = 0;
        char *name;
+       char *output_name;
        struct cgroup_controller *group_controller = NULL;
        char *value = NULL;
        char var_path[FILENAME_MAX];
@@ -325,8 +326,11 @@ static int display_cgroup_data(struct cgroup *group,
                        ret = stat(var_path, &sb);
                        /* freezer.state is not in root group so ret != 0,
                         * but it should be listed
+                        * device.list should be read to create
+                        * device.allow input
                         */
-                       if ((ret == 0) && ((sb.st_mode & S_IWUSR) == 0)) {
+                       if ((ret == 0) && ((sb.st_mode & S_IWUSR) == 0) &&
+                           (strcmp("devices.list", name) != 0)) {
                                /* variable is not writable */
                                continue;
                        }
@@ -352,6 +356,23 @@ static int display_cgroup_data(struct cgroup *group,
                                        "neither blacklisted nor "\
                                        "whitelisted\n", name);
 
+                       output_name = name;
+
+                       /* deal with devices variables:
+                        * - omit devices.deny and device.allow,
+                        * - generate devices.{deny,allow} from
+                        * device.list variable (deny all and then
+                        * all device.list devices */
+                       if ((strcmp("devices.deny", name) == 0) ||
+                               (strcmp("devices.allow", name) == 0)) {
+                               continue;
+                       }
+                       if (strcmp("devices.list", name) == 0) {
+                               output_name = "devices.allow";
+                               fprintf(of,
+                                       "\t\tdevices.deny=\"a *:* rwm\";\n");
+                       }
+
                        ret = cgroup_get_value_string(group_controller,
                                name, &value);
 
@@ -363,7 +384,7 @@ static int display_cgroup_data(struct cgroup *group,
                                        name);
                                goto err;
                        }
-                       fprintf(of, "\t\t%s=\"%s\";\n", name, value);
+                       fprintf(of, "\t\t%s=\"%s\";\n", output_name, value);
                }
                fprintf(of, "\t}\n");
        }