core: add cgroup_add_or_update_device_allow()

diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 69c9d9a9bbeb638afa0fd83a0841b65043c0c9da..e217eab7eed09a1b9c18f114789b443318deaac9 100644 (file)
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -731,6 +731,23 @@ int cgroup_context_add_device_allow(CGroupContext *c, const char *dev, const cha
         return 0;
 }
 
+int cgroup_context_add_or_update_device_allow(CGroupContext *c, const char *dev, const char *mode) {
+        assert(c);
+        assert(dev);
+        assert(isempty(mode) || in_charset(mode, "rwm"));
+
+        LIST_FOREACH(device_allow, b, c->device_allow)
+                if (path_equal(b->path, dev)) {
+                        b->r = isempty(mode) || strchr(mode, 'r');
+                        b->w = isempty(mode) || strchr(mode, 'w');
+                        b->m = isempty(mode) || strchr(mode, 'm');
+
+                        return 0;
+                }
+
+        return cgroup_context_add_device_allow(c, dev, mode);
+}
+
 int cgroup_context_add_bpf_foreign_program(CGroupContext *c, uint32_t attach_type, const char *bpffs_path) {
         CGroupBPFForeignProgram *p;
         _cleanup_free_ char *d = NULL;

diff --git a/src/core/cgroup.h b/src/core/cgroup.h
index 072c92f0117980f9306a146c7324a83571e03aa9..80d353fac6af3096a5cd56ff78d8f25d185c1df5 100644 (file)
--- a/src/core/cgroup.h
+++ b/src/core/cgroup.h
@@ -279,6 +279,7 @@ static inline bool cgroup_context_want_memory_pressure(const CGroupContext *c) {
 }
 
 int cgroup_context_add_device_allow(CGroupContext *c, const char *dev, const char *mode);
+int cgroup_context_add_or_update_device_allow(CGroupContext *c, const char *dev, const char *mode);
 int cgroup_context_add_bpf_foreign_program(CGroupContext *c, uint32_t attach_type, const char *path);
 
 void unit_modify_nft_set(Unit *u, bool add);

diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
index d38e8a6aeb4142542ac5c9749f89514815b675a4..820b43ee1fe6b594930676fd08be4705aba56a31 100644 (file)
--- a/src/core/dbus-cgroup.c
+++ b/src/core/dbus-cgroup.c
@@ -1820,31 +1820,9 @@ int bus_cgroup_set_property(
                                 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "DeviceAllow= requires combination of rwm flags");
 
                         if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
-                                CGroupDeviceAllow *a = NULL;
-
-                                LIST_FOREACH(device_allow, b, c->device_allow)
-                                        if (path_equal(b->path, path)) {
-                                                a = b;
-                                                break;
-                                        }
-
-                                if (!a) {
-                                        a = new0(CGroupDeviceAllow, 1);
-                                        if (!a)
-                                                return -ENOMEM;
-
-                                        a->path = strdup(path);
-                                        if (!a->path) {
-                                                free(a);
-                                                return -ENOMEM;
-                                        }
-
-                                        LIST_PREPEND(device_allow, c->device_allow, a);
-                                }
-
-                                a->r = strchr(rwm, 'r');
-                                a->w = strchr(rwm, 'w');
-                                a->m = strchr(rwm, 'm');
+                                r = cgroup_context_add_or_update_device_allow(c, path, rwm);
+                                if (r < 0)
+                                        return r;
                         }
 
                         n++;