+ sprintf(buf, "%u:%u %lu", major(dev), minor(dev), w->weight);
+ r = cg_set_attribute("blkio", path, "blkio.weight_device", buf);
+ if (r < 0)
+ log_error("Failed to set blkio.weight_device on %s: %s", path, strerror(-r));
+ }
+
+ /* FIXME: no way to reset this list */
+ LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths) {
+ const char *a;
+ dev_t dev;
+
+ r = lookup_blkio_device(b->path, &dev);
+ if (r < 0)
+ continue;
+
+ a = b->read ? "blkio.throttle.read_bps_device" : "blkio.throttle.write_bps_device";
+
+ sprintf(buf, "%u:%u %" PRIu64 "\n", major(dev), minor(dev), b->bandwidth);
+ r = cg_set_attribute("blkio", path, a, buf);
+ if (r < 0)
+ log_error("Failed to set %s on %s: %s", a, path, strerror(-r));
+ }
+ }
+
+ if (mask & CGROUP_MEMORY) {
+ if (c->memory_limit != (uint64_t) -1) {
+ char buf[DECIMAL_STR_MAX(uint64_t) + 1];
+
+ sprintf(buf, "%" PRIu64 "\n", c->memory_limit);
+ r = cg_set_attribute("memory", path, "memory.limit_in_bytes", buf);
+ } else
+ r = cg_set_attribute("memory", path, "memory.limit_in_bytes", "-1");
+
+ if (r < 0)
+ log_error("Failed to set memory.limit_in_bytes on %s: %s", path, strerror(-r));
+ }
+
+ if (mask & CGROUP_DEVICE) {
+ CGroupDeviceAllow *a;
+
+ if (c->device_allow || c->device_policy != CGROUP_AUTO)
+ r = cg_set_attribute("devices", path, "devices.deny", "a");
+ else
+ r = cg_set_attribute("devices", path, "devices.allow", "a");
+ if (r < 0)
+ log_error("Failed to reset devices.list on %s: %s", path, strerror(-r));
+
+ if (c->device_policy == CGROUP_CLOSED ||
+ (c->device_policy == CGROUP_AUTO && c->device_allow)) {
+ static const char auto_devices[] =
+ "/dev/null\0" "rw\0"
+ "/dev/zero\0" "rw\0"
+ "/dev/full\0" "rw\0"
+ "/dev/random\0" "rw\0"
+ "/dev/urandom\0" "rw\0";
+
+ const char *x, *y;
+
+ NULSTR_FOREACH_PAIR(x, y, auto_devices)
+ whitelist_device(path, x, y);
+ }
+
+ LIST_FOREACH(device_allow, a, c->device_allow) {
+ char acc[4];
+ unsigned k = 0;
+
+ if (a->r)
+ acc[k++] = 'r';
+ if (a->w)
+ acc[k++] = 'w';
+ if (a->m)
+ acc[k++] = 'm';
+
+ if (k == 0)
+ continue;