From 934bb475e2c9971ff8315595fb2080499529ed6e Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Thu, 18 Feb 2021 10:41:52 +0100
Subject: [PATCH] commands: improve bpf device program management

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 src/lxc/commands.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/lxc/commands.c b/src/lxc/commands.c
index 2fbe73f71..0a27207d0 100644
--- a/src/lxc/commands.c
+++ b/src/lxc/commands.c
@@ -1237,9 +1237,20 @@ static int lxc_cmd_add_bpf_device_cgroup_callback(int fd, struct lxc_cmd_req *re
 	if (ret)
 		goto respond;
 
+	bpf_device_set_type(devices, &conf->devices);
+	TRACE("Device bpf %s all devices by default",
+	      bpf_device_block_all(devices) ? "blocks" : "allows");
+
 	lxc_list_for_each(it, &conf->devices) {
 		struct device_item *cur = it->elem;
 
+		if (!bpf_device_add(devices, cur)) {
+			TRACE("Skipping type %c, major %d, minor %d, access %s, allow %d",
+			      cur->type, cur->major, cur->minor, cur->access,
+			      cur->allow);
+			continue;
+		}
+
 		ret = bpf_program_append_device(devices, cur);
 		if (ret)
 			goto respond;
-- 
2.47.2