From: Lennart Poettering Date: Tue, 11 Mar 2014 16:42:24 +0000 (+0100) Subject: core: support globbing matches in DeviceAllow= when checking for device groups X-Git-Tag: v211~21 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e41969e3d1a8bda8b0b2f7eb012cef1c8835509a;p=thirdparty%2Fsystemd.git core: support globbing matches in DeviceAllow= when checking for device groups --- diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml index c3fd5fcee41..a51e600ebb3 100644 --- a/man/systemd.resource-control.xml +++ b/man/systemd.resource-control.xml @@ -275,12 +275,16 @@ along with systemd; If not, see . followed by a device group name, as listed in /proc/devices. The latter is useful to whitelist all current and future devices belonging to a - specific device group at once. Examples: - /dev/sda5 is a path to a device node, - referring to an ATA or SCSI block + specific device group at once. The device group is matched + according to file name globbing rules, you may hence use the + * and ? + wildcards. Examples: /dev/sda5 is a + path to a device node, referring to an ATA or SCSI block device. char-pts and char-alsa are specifiers for all pseudo - TTYs and all ALSA sound devices, respectively. + TTYs and all ALSA sound devices, + respectively. char-cpu/* is a specifier + matching all CPU related device groups. diff --git a/src/core/cgroup.c b/src/core/cgroup.c index 1327486509a..18de888ba67 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -20,6 +20,7 @@ ***/ #include +#include #include "path-util.h" #include "special.h" @@ -246,7 +247,8 @@ static int whitelist_major(const char *path, const char *name, char type, const w++; w += strspn(w, WHITESPACE); - if (!streq(w, name)) + + if (fnmatch(name, w, 0) != 0) continue; sprintf(buf,