8e8b5d2e6d
Previously we'd allow pattern expressions such as "char-input" to match all input devices. Internally, this would look up the right major to test in /proc/devices. With this commit the syntax is slightly extended:

- "char-*" can be used to match any kind of character device, and similarly "block-*". This expression would already work previously, but instead of actually installing a wildcard match it would install many individual matches for everything listed in /proc/devices.

- "char-<MAJOR>", with "<MAJOR>" being a numerical parameter, now works too. This allows clients to install whitelist items by specifying the major directly.

The main reason to add these is to provide limited compat support for clients that for some reason contain whitelists with major/minor numbers (such as OCI containers).
/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once
#include <inttypes.h>
#include "unit.h"
/* Forward declaration of the struct tag only. The prototypes below use the
 * bare BPFProgram name, so the typedef is presumably supplied through
 * "unit.h" -- TODO confirm. */
struct BPFProgram;
/* Reports whether BPF-based device access control is available.
 * NOTE(review): the meaning of the int result (e.g. >0 supported, 0 not
 * supported, <0 error) is not visible in this header -- confirm against the
 * implementation. Callers should decide explicitly what happens to the device
 * policy when this reports "not supported", rather than silently skipping
 * enforcement. */
int bpf_devices_supported(void);
/* Adds a whitelist entry to program p for one device, identified by type,
 * major and minor, with the access string acc. This is the narrowest of the
 * three whitelist helpers declared here.
 * NOTE(review): presumably type selects character vs. block device and acc is
 * a combination of access letters (read/write/mknod); neither encoding is
 * visible in this header -- confirm, and validate both when they originate
 * from unit configuration. */
int cgroup_bpf_whitelist_device(BPFProgram *p, int type, int major, int minor, const char *acc);
/* Adds a whitelist entry to program p keyed on type and major only; there is
 * no minor parameter, so the entry presumably covers every minor under that
 * major. Per the commit description this backs the "char-<MAJOR>" pattern
 * syntax, which lets clients whitelist a major number directly.
 * NOTE(review): a numeric major taken from client configuration is not checked
 * against /proc/devices by anything visible here -- confirm where range
 * validation happens. */
int cgroup_bpf_whitelist_major(BPFProgram *p, int type, int major, const char *acc);
/* Adds a whitelist entry to program prog keyed on type alone (no major or
 * minor parameter). Per the commit description this backs the "char-*" and
 * "block-*" patterns, installing a single wildcard match instead of one match
 * per /proc/devices entry.
 * This is the broadest grant of the three helpers: with a permissive acc it
 * allows access to any device of the given type, so uses of it deserve review
 * when auditing a unit's device policy. */
int cgroup_bpf_whitelist_class(BPFProgram *prog, int type, const char *acc);
/* Prepares a device-control BPF program for the given policy and hands it
 * back through *ret; whitelist indicates whether whitelist entries are in use.
 * NOTE(review): this header does not show whether *ret can be NULL on success
 * (e.g. when no filtering is needed) or who owns the returned program --
 * confirm before dereferencing or freeing it. */
int cgroup_init_device_bpf(BPFProgram **ret, CGroupDevicePolicy policy, bool whitelist);
/* Applies device-control program p to unit u under the given policy.
 * NOTE(review): presumably this finalizes p and attaches it to the unit's
 * cgroup; the handling of a NULL p and of a previously attached program is not
 * visible here -- confirm. The return value must be checked: if the caller
 * ignores a failure, the unit may run without the intended device
 * restrictions. */
int cgroup_apply_device_bpf(Unit *u, BPFProgram *p, CGroupDevicePolicy policy, bool whitelist);