[Devel] Move ve_struct::devmnt to dev_cgroup and set ACC_MOUNT if devmnt set

Kirill Tkhai ktkhai at odin.com
Wed Oct 14 05:14:55 PDT 2015


Hi, all,

we have several configuration options which limit a block device inside a CT.
They are dev_cgroup exception bits, ve_struct::devmnt options and
ve_struct::ve_sysfs_perms.

We don't have a way to configure the ACC_MOUNT bit using the dev_cgroup interface, so
we use the VZCTL_SETDEVPERMS ioctl for that. We used to not want to add it to the cgroup
interface, because it's not in mainstream and some userspace may be confused by
the additional bit.

Igor suggested simplifying userspace's life and allowing a block device to be mounted
in any sense when we're setting ve_struct::devmnt options. The kernel will set the bit
by itself. This allows us to get rid of the ioctl for newer vzctl.

Maybe good, but this leads to a cross-cgroup dependence (dev_cgroup and ve cgroup).
It's dirty and not OK. So I want to move devmnt from the ve cgroup to dev_cgroup,
and make device mount options an option of dev_cgroup. This looks logical.
Both device-configuring eggs together.

Does anybody have an objection to that?

Kirill


