diff options
author | Lennart Poettering <lennart@poettering.net> | 2014-03-11 17:42:24 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-03-11 17:43:41 +0100 |
commit | e41969e3d1a8bda8b0b2f7eb012cef1c8835509a (patch) | |
tree | 6e1bc56a7fc9212e785265e9ee97888578d5e914 | |
parent | 98b2f766b24c84fc49a4df954717b1f96bbce00d (diff) |
core: support globbing matches in DeviceAllow= when checking for device groups
-rw-r--r-- | man/systemd.resource-control.xml | 12 | ||||
-rw-r--r-- | src/core/cgroup.c | 4 |
2 files changed, 11 insertions, 5 deletions
diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml index c3fd5fcee4..a51e600ebb 100644 --- a/man/systemd.resource-control.xml +++ b/man/systemd.resource-control.xml @@ -275,12 +275,16 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>. followed by a device group name, as listed in <filename>/proc/devices</filename>. The latter is useful to whitelist all current and future devices belonging to a - specific device group at once. Examples: - <filename>/dev/sda5</filename> is a path to a device node, - referring to an ATA or SCSI block + specific device group at once. The device group is matched + according to file name globbing rules, you may hence use the + <literal>*</literal> and <literal>?</literal> + wildcards. Examples: <filename>/dev/sda5</filename> is a + path to a device node, referring to an ATA or SCSI block device. <literal>char-pts</literal> and <literal>char-alsa</literal> are specifiers for all pseudo - TTYs and all ALSA sound devices, respectively.</para> + TTYs and all ALSA sound devices, + respectively. <literal>char-cpu/*</literal> is a specifier + matching all CPU related device groups.</para> </listitem> </varlistentry> diff --git a/src/core/cgroup.c b/src/core/cgroup.c index 1327486509..18de888ba6 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -20,6 +20,7 @@ ***/ #include <fcntl.h> +#include <fnmatch.h> #include "path-util.h" #include "special.h" @@ -246,7 +247,8 @@ static int whitelist_major(const char *path, const char *name, char type, const w++; w += strspn(w, WHITESPACE); - if (!streq(w, name)) + + if (fnmatch(name, w, 0) != 0) continue; sprintf(buf, |