commands: replace bpf program on update

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: replace bpf program on update
a4ade846 · Christian Brauner · b76873a5 · a4ade846
Unverified Commit a4ade846 authored Feb 18, 2021 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 2 deletions

commands.c src/lxc/commands.c +13 -2

No files found.
--- a/src/lxc/commands.c
+++ b/src/lxc/commands.c
@@ -1260,8 +1260,19 @@ static int lxc_cmd_add_bpf_device_cgroup_callback(int fd, struct lxc_cmd_req *re
 	if (ret)
 		goto respond;

-	ret = bpf_program_cgroup_attach(devices, BPF_CGROUP_DEVICE,
-					unified->cgfd_mon, -EBADF, BPF_F_ALLOW_MULTI);
+	devices_old = cgroup_ops->cgroup2_devices;
+	if (devices_old && devices_old->kernel_fd >= 0)
+		ret = bpf_program_cgroup_attach(devices,
+						BPF_CGROUP_DEVICE,
+					        unified->cgfd_limit,
+						devices_old->kernel_fd,
+						BPF_F_ALLOW_MULTI | BPF_F_REPLACE);
+	else
+		ret = bpf_program_cgroup_attach(devices,
+						BPF_CGROUP_DEVICE,
+					        unified->cgfd_limit,
+						-EBADF,
+						BPF_F_ALLOW_MULTI);
 	if (ret)
 		goto respond;