cgroup: Extend DeviceAllow= syntax to whitelist groups of devices, not just particula...

[elogind.git] / src / core / dbus-cgroup.c

diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
index 861bb16445ed718962112cac254a4f694809f32d..b8a77254d94d20da932ca57a7143b6c58a5c694b 100644 (file)
--- a/src/core/dbus-cgroup.c
+++ b/src/core/dbus-cgroup.c
@@ -321,10 +321,9 @@ int bus_cgroup_set_property(
                 if (r < 0)
                         return r;
 
-                while (( r = sd_bus_message_read(message, "(st)", &path, &u64)) > 0) {
-                        unsigned long ul;
+                while ((r = sd_bus_message_read(message, "(st)", &path, &u64)) > 0) {
+                        unsigned long ul = u64;
 
-                        ul = (unsigned long) u64;
                         if (ul < 10 || ul > 1000)
                                 return sd_bus_error_set_errnof(error, EINVAL, "BlockIODeviceWeight out of range");
 
@@ -443,8 +442,11 @@ int bus_cgroup_set_property(
 
                 while ((r = sd_bus_message_read(message, "(ss)", &path, &rwm)) > 0) {
 
-                        if (!path_startswith(path, "/dev"))
-                                return sd_bus_error_set_errnof(error, EINVAL, "DeviceAllow= requires device node");
+                        if ((!startswith(path, "/dev/") &&
+                             !startswith(path, "block-") &&
+                             !startswith(path, "char-")) ||
+                            strpbrk(path, WHITESPACE))
+                            return sd_bus_error_set_errnof(error, EINVAL, "DeviceAllow= requires device node");
 
                         if (isempty(rwm))
                                 rwm = "rwm";