From: Luca Boccassi <bluca@debian.org>
Date: Tue, 3 Oct 2023 00:06:35 +0000 (+0100)
Subject: core: add cgroup_add_or_update_device_allow()
X-Git-Tag: v255-rc1~250^2~7
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c3166b25e24b00fa434ffeaf6c2ee64da74628e3;p=thirdparty%2Fsystemd.git

core: add cgroup_add_or_update_device_allow()
---

diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 69c9d9a9bbe..e217eab7eed 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -731,6 +731,23 @@ int cgroup_context_add_device_allow(CGroupContext *c, const char *dev, const cha
         return 0;
 }
 
+int cgroup_context_add_or_update_device_allow(CGroupContext *c, const char *dev, const char *mode) {
+        assert(c);
+        assert(dev);
+        assert(isempty(mode) || in_charset(mode, "rwm"));
+
+        LIST_FOREACH(device_allow, b, c->device_allow)
+                if (path_equal(b->path, dev)) {
+                        b->r = isempty(mode) || strchr(mode, 'r');
+                        b->w = isempty(mode) || strchr(mode, 'w');
+                        b->m = isempty(mode) || strchr(mode, 'm');
+
+                        return 0;
+                }
+
+        return cgroup_context_add_device_allow(c, dev, mode);
+}
+
 int cgroup_context_add_bpf_foreign_program(CGroupContext *c, uint32_t attach_type, const char *bpffs_path) {
         CGroupBPFForeignProgram *p;
         _cleanup_free_ char *d = NULL;
diff --git a/src/core/cgroup.h b/src/core/cgroup.h
index 072c92f0117..80d353fac6a 100644
--- a/src/core/cgroup.h
+++ b/src/core/cgroup.h
@@ -279,6 +279,7 @@ static inline bool cgroup_context_want_memory_pressure(const CGroupContext *c) {
 }
 
 int cgroup_context_add_device_allow(CGroupContext *c, const char *dev, const char *mode);
+int cgroup_context_add_or_update_device_allow(CGroupContext *c, const char *dev, const char *mode);
 int cgroup_context_add_bpf_foreign_program(CGroupContext *c, uint32_t attach_type, const char *path);
 
 void unit_modify_nft_set(Unit *u, bool add);
diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
index d38e8a6aeb4..820b43ee1fe 100644
--- a/src/core/dbus-cgroup.c
+++ b/src/core/dbus-cgroup.c
@@ -1820,31 +1820,9 @@ int bus_cgroup_set_property(
                                 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "DeviceAllow= requires combination of rwm flags");
 
                         if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
-                                CGroupDeviceAllow *a = NULL;
-
-                                LIST_FOREACH(device_allow, b, c->device_allow)
-                                        if (path_equal(b->path, path)) {
-                                                a = b;
-                                                break;
-                                        }
-
-                                if (!a) {
-                                        a = new0(CGroupDeviceAllow, 1);
-                                        if (!a)
-                                                return -ENOMEM;
-
-                                        a->path = strdup(path);
-                                        if (!a->path) {
-                                                free(a);
-                                                return -ENOMEM;
-                                        }
-
-                                        LIST_PREPEND(device_allow, c->device_allow, a);
-                                }
-
-                                a->r = strchr(rwm, 'r');
-                                a->w = strchr(rwm, 'w');
-                                a->m = strchr(rwm, 'm');
+                                r = cgroup_context_add_or_update_device_allow(c, path, rwm);
+                                if (r < 0)
+                                        return r;
                         }
 
                         n++;