From e41969e3d1a8bda8b0b2f7eb012cef1c8835509a Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Tue, 11 Mar 2014 17:42:24 +0100
Subject: [PATCH] core: support globbing matches in DeviceAllow= when checking for device groups
---
 man/systemd.resource-control.xml | 12 ++++++++----
 src/core/cgroup.c | 4 +++-
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml
index c3fd5fcee..a51e600eb 100644
--- a/man/systemd.resource-control.xml
+++ b/man/systemd.resource-control.xml
@@ -275,12 +275,16 @@ along with systemd; If not, see .
 followed by a device group name, as listed in /proc/devices. The latter is useful to whitelist all current and future devices belonging to a
- specific device group at once. Examples:
- /dev/sda5 is a path to a device node,
- referring to an ATA or SCSI block
+ specific device group at once. The device group is matched
+ according to file name globbing rules, you may hence use the
+ * and ?
+ wildcards. Examples: /dev/sda5 is a
+ path to a device node, referring to an ATA or SCSI block
 device. char-pts and char-alsa are specifiers for all pseudo
- TTYs and all ALSA sound devices, respectively.
+ TTYs and all ALSA sound devices,
+ respectively. char-cpu/* is a specifier
+ matching all CPU related device groups.
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 132748650..18de888ba 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -20,6 +20,7 @@
 ***/
 #include
+#include
 #include "path-util.h"
 #include "special.h"
@@ -246,7 +247,8 @@ static int whitelist_major(const char *path, const char *name, char type, const
 w++;
 w += strspn(w, WHITESPACE);
- if (!streq(w, name))
+
+ if (fnmatch(name, w, 0) != 0)
 continue;
 sprintf(buf,
--
2.30.2
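Review bot: In the `whitelist_major` hunk of src/core/cgroup.c, `fnmatch(name, w, 0)` passes no flags, so `*` in a `DeviceAllow=` group name also matches `/`, and a value such as `char-*` would presumably whitelist every character-device major listed in /proc/devices, including groups registered later. That widening of the device allowlist deserves a comment at the call, e.g. `/* name is a glob from DeviceAllow=; with flags 0, '*' also matches '/' */`, and a debug log of each matched group would let an administrator audit what a pattern expanded to. `fnmatch()` can also return a non-zero value other than `FNM_NOMATCH` on error, which `!= 0` silently treats as a non-match. The function body starts and ends outside the hunk, so it cannot be confirmed from here that the loop keeps scanning after the first match, which a glob matching several groups needs.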