From 9d5e9b4add4d22dedc9d3286bfae9687a2a7c641 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 11 Jun 2018 12:19:01 +0200 Subject: [PATCH] cgroup: relax checks for block device cgroup settings This drops needless safety checks that ensure we only reference block devices for blockio/io settings. The backing code was already able to accept regular file system paths too, in which case the backing device node of that file system would be used. Hence, let's drop the artificial restrictions and open up this underlying functionality. --- src/core/dbus-cgroup.c | 20 ++++++++------------ src/core/load-fragment.c | 28 ++-------------------------- 2 files changed, 10 insertions(+), 38 deletions(-) diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c index d170f6a..194b537 100644 --- a/src/core/dbus-cgroup.c +++ b/src/core/dbus-cgroup.c @@ -687,9 +687,8 @@ int bus_cgroup_set_property( while ((r = sd_bus_message_read(message, "(st)", &path, &u64)) > 0) { - if (!path_startswith(path, "/dev") && - !path_startswith(path, "/run/systemd/inaccessible/")) - return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s specified in %s= is not a device file in /dev", name, path); + if (!path_is_normalized(path)) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path); if (!UNIT_WRITE_FLAGS_NOOP(flags)) { CGroupIODeviceLimit *a = NULL, *b; @@ -775,9 +774,8 @@ int bus_cgroup_set_property( while ((r = sd_bus_message_read(message, "(st)", &path, &weight)) > 0) { - if (!path_startswith(path, "/dev") && - !path_startswith(path, "/run/systemd/inaccessible/")) - return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s specified in %s= is not a device file in /dev", name, path); + if (!path_is_normalized(path)) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path); if (!CGROUP_WEIGHT_IS_OK(weight) || weight == CGROUP_WEIGHT_INVALID) return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "IODeviceWeight= value out of range"); @@ -861,9 +859,8 @@ int bus_cgroup_set_property( while ((r = sd_bus_message_read(message, "(st)", &path, &u64)) > 0) { - if (!path_startswith(path, "/dev") && - !path_startswith(path, "/run/systemd/inaccessible/")) - return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s specified in %s= is not a device file in /dev", name, path); + if (!path_is_normalized(path)) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path); if (!UNIT_WRITE_FLAGS_NOOP(flags)) { CGroupBlockIODeviceBandwidth *a = NULL, *b; @@ -961,9 +958,8 @@ int bus_cgroup_set_property( while ((r = sd_bus_message_read(message, "(st)", &path, &weight)) > 0) { - if (!path_startswith(path, "/dev") && - !path_startswith(path, "/run/systemd/inaccessible/")) - return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s specified in %s= is not a device file in /dev", name, path); + if (!path_is_normalized(path)) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path); if (!CGROUP_BLKIO_WEIGHT_IS_OK(weight) || weight == CGROUP_BLKIO_WEIGHT_INVALID) return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "BlockIODeviceWeight= out of range"); diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index fb5b742..2d8525c 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -3317,12 +3317,6 @@ int config_parse_io_device_weight( if (r < 0) return 0; - if (!path_startswith(resolved, "/dev") && - !path_startswith(resolved, "/run/systemd/inaccessible/")) { - log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid device node path '%s', ignoring.", resolved); - return 0; - } - r = cg_weight_parse(p, &u); if (r < 0) { log_syntax(unit, LOG_ERR, filename, line, r, "IO weight '%s' invalid, ignoring: %m", p); @@ -3400,15 +3394,9 @@ int config_parse_io_limit( if (r < 0) return 0; - if (!path_startswith(resolved, "/dev") && - !path_startswith(resolved, "/run/systemd/inaccessible/")) { - log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid device node path '%s', ignoring.", resolved); - return 0; - } - - if (streq("infinity", p)) { + if (streq("infinity", p)) num = CGROUP_LIMIT_MAX; - } else { + else { r = parse_size(p, 1000, &num); if (r < 0 || num <= 0) { log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid IO limit '%s', ignoring.", p); @@ -3497,12 +3485,6 @@ int config_parse_blockio_device_weight( if (r < 0) return 0; - if (!path_startswith(resolved, "/dev") && - !path_startswith(resolved, "/run/systemd/inaccessible/")) { - log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid device node path '%s'. Ignoring.", resolved); - return 0; - } - r = cg_blkio_weight_parse(p, &u); if (r < 0) { log_syntax(unit, LOG_ERR, filename, line, r, "Invalid block IO weight '%s', ignoring: %m", p); @@ -3581,12 +3563,6 @@ int config_parse_blockio_bandwidth( if (r < 0) return 0; - if (!path_startswith(resolved, "/dev") && - !path_startswith(resolved, "/run/systemd/inaccessible/")) { - log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid device node path '%s', ignoring.", resolved); - return 0; - } - r = parse_size(p, 1000, &bytes); if (r < 0 || bytes <= 0) { log_syntax(unit, LOG_ERR, filename, line, r, "Invalid Block IO Bandwidth '%s', ignoring.", p); -- 2.7.4