[Devel] [PATCH rh7 8/8] ve/proc/block: show /proc/diskstats inside a Container

[Konstantin Khorenko]

The proc file is virtualized, so it contains stats for only those block
devices which are allowed by device cgroup related to the Container.

https://jira.sw.ru/browse/PSBM-90491
https://jira.sw.ru/browse/PSBM-92107

Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
 block/genhd.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/block/genhd.c b/block/genhd.c
index 60763963318ef..5c2e3d0dc3542 100644
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -1271,6 +1271,7 @@ EXPORT_SYMBOL(disk_type);
  */
 static int diskstats_show(struct seq_file *seqf, void *v)
 {
+	struct ve_struct *ve = get_exec_env();
 	struct gendisk *gp = v;
 	struct disk_part_iter piter;
 	struct hd_struct *hd;
@@ -1288,6 +1289,11 @@ static int diskstats_show(struct seq_file *seqf, void *v)
 
 	disk_part_iter_init(&piter, gp, DISK_PITER_INCL_EMPTY_PART0);
 	while ((hd = disk_part_iter_next(&piter))) {
+		if (!ve_is_super(ve) &&
+			(devcgroup_device_permission(S_IFBLK, part_devt(hd),
+						     MAY_READ)))
+				continue;
+
 		cpu = part_stat_lock();
 		part_round_stats(gp->queue, cpu, hd);
 		part_stat_unlock();
@@ -1335,7 +1341,7 @@ static const struct file_operations proc_diskstats_operations = {
 
 static int __init proc_genhd_init(void)
 {
-	proc_create("diskstats", 0, NULL, &proc_diskstats_operations);
+	proc_create("diskstats", S_ISVTX, NULL, &proc_diskstats_operations);
 	proc_create("partitions", S_ISVTX, NULL, &proc_partitions_operations);
 	return 0;
 }
-- 
2.15.1