From: Lennart Poettering Date: Thu, 27 Jun 2013 21:13:17 +0000 (+0200) Subject: dbus: make DeviceAllow=/DevicePolicy= writable X-Git-Tag: v205~63 X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=7041efe9600e569da6089c36d00fa3ff58e33178;p=elogind.git dbus: make DeviceAllow=/DevicePolicy= writable --- diff --git a/TODO b/TODO index 19fc2cd60..c34f1dab0 100644 --- a/TODO +++ b/TODO @@ -28,6 +28,10 @@ Fedora 19: Features: +* split up BlockIOWeight= and BlockIODeviceWeight= + +* how to reset dynamically changed attributes sanely? + * when reloading configuration, apply new cgroup configuration * implement system-wide DefaultCPUAccounting=1 switch (and similar for blockio, memory, fair scheduling?) diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c index ae360eae3..cf05f04ea 100644 --- a/src/core/dbus-cgroup.c +++ b/src/core/dbus-cgroup.c @@ -21,6 +21,7 @@ #include +#include "path-util.h" #include "dbus-cgroup.h" static DEFINE_BUS_PROPERTY_APPEND_ENUM(bus_cgroup_append_device_policy, cgroup_device_policy, CGroupDevicePolicy); @@ -264,6 +265,110 @@ int bus_cgroup_set_property( } } + return 1; + + } else if (streq(name, "DevicePolicy")) { + const char *policy; + CGroupDevicePolicy p; + + if (dbus_message_iter_get_arg_type(i) != DBUS_TYPE_STRING) + return -EINVAL; + + dbus_message_iter_get_basic(i, &policy); + p = cgroup_device_policy_from_string(policy); + if (p < 0) + return -EINVAL; + + if (mode != UNIT_CHECK) { + char *buf; + + c->device_policy = p; + + buf = strappenda("DevicePolicy=", policy); + unit_write_drop_in_private_section(u, mode, "device-policy", buf); + } + + return 1; + + } else if (streq(name, "DeviceAllow")) { + DBusMessageIter sub; + unsigned n = 0; + + if (dbus_message_iter_get_arg_type(i) != DBUS_TYPE_ARRAY || + dbus_message_iter_get_element_type(i) != DBUS_TYPE_STRUCT) + return -EINVAL; + + dbus_message_iter_recurse(i, &sub); + while (dbus_message_iter_get_arg_type(&sub) == DBUS_TYPE_STRUCT) { + DBusMessageIter sub2; + const char *path, *rwm; + CGroupDeviceAllow *a; + + dbus_message_iter_recurse(&sub, &sub2); + + if (bus_iter_get_basic_and_next(&sub2, DBUS_TYPE_STRING, &path, true) < 0 || + bus_iter_get_basic_and_next(&sub2, DBUS_TYPE_STRING, &rwm, false) < 0) + return -EINVAL; + + if (!path_startswith(path, "/dev")) { + dbus_set_error(error, DBUS_ERROR_INVALID_ARGS, "DeviceAllow= requires device node"); + return -EINVAL; + } + + if (isempty(rwm)) + rwm = "rwm"; + + if (!in_charset(rwm, "rwm")) { + dbus_set_error(error, DBUS_ERROR_INVALID_ARGS, "DeviceAllow= requires combination of rwm flags"); + return -EINVAL; + } + + n++; + + if (mode != UNIT_CHECK) { + a = new0(CGroupDeviceAllow, 1); + if (!a) + return -ENOMEM; + + a->path = strdup(path); + if (!a->path) { + free(a); + return -ENOMEM; + } + + a->r = !!strchr(rwm, 'r'); + a->w = !!strchr(rwm, 'w'); + a->m = !!strchr(rwm, 'm'); + + LIST_PREPEND(CGroupDeviceAllow, device_allow, c->device_allow, a); + } + + dbus_message_iter_next(&sub); + } + + if (mode != UNIT_CHECK) { + _cleanup_free_ char *buf = NULL; + _cleanup_fclose_ FILE *f = NULL; + CGroupDeviceAllow *a; + size_t size = 0; + + if (n == 0) { + while (c->device_allow) + cgroup_context_free_device_allow(c, c->device_allow); + } + + f = open_memstream(&buf, &size); + if (!f) + return -ENOMEM; + + fputs("DeviceAllow=\n", f); + LIST_FOREACH(device_allow, a, c->device_allow) + fprintf(f, "DeviceAllow=%s %s%s%s\n", a->path, a->r ? "r" : "", a->w ? "w" : "", a->m ? "m" : ""); + + fflush(f); + unit_write_drop_in_private_section(u, mode, "device-allow", buf); + } + return 1; } diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c index 5048b529e..ef1a07991 100644 --- a/src/systemctl/systemctl.c +++ b/src/systemctl/systemctl.c @@ -3661,6 +3661,43 @@ static int append_assignment(DBusMessageIter *iter, const char *assignment) { !dbus_message_iter_append_basic(&sub, DBUS_TYPE_UINT64, &u)) return log_oom(); + } else if (streq(field, "DevicePolicy")) { + + if (!dbus_message_iter_open_container(iter, DBUS_TYPE_VARIANT, "s", &sub) || + !dbus_message_iter_append_basic(&sub, DBUS_TYPE_STRING, &eq)) + return log_oom(); + + } else if (streq(field, "DeviceAllow")) { + DBusMessageIter sub2; + + if (!dbus_message_iter_open_container(iter, DBUS_TYPE_VARIANT, "a(ss)", &sub) || + !dbus_message_iter_open_container(&sub, DBUS_TYPE_ARRAY, "(ss)", &sub2)) + return log_oom(); + + if (!isempty(eq)) { + const char *path, *rwm; + DBusMessageIter sub3; + char *e; + + e = strchr(eq, ' '); + if (e) { + path = strndupa(eq, e - eq); + rwm = e+1; + } else { + path = eq; + rwm = ""; + } + + if (!dbus_message_iter_open_container(&sub2, DBUS_TYPE_STRUCT, NULL, &sub3) || + !dbus_message_iter_append_basic(&sub3, DBUS_TYPE_STRING, &path) || + !dbus_message_iter_append_basic(&sub3, DBUS_TYPE_STRING, &rwm) || + !dbus_message_iter_close_container(&sub2, &sub3)) + return log_oom(); + } + + if (!dbus_message_iter_close_container(&sub, &sub2)) + return log_oom(); + } else { log_error("Unknown assignment %s.", assignment); return -EINVAL;