Example #1
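/**
 * z_policy_init:
 * @self: this
 * @instance_name: array of instance name and aliases
 *
 * Initialises the current policy by calling "Zorp.init", which is looked
 * up as the "init" attribute of the Python __main__ module and invoked
 * with the instance names converted to a Python list.
 * The function interface (not the implementation) here should be
 * independent of python.
 *
 * Privilege handling: CAP_NET_ADMIN is enabled only around the Python
 * call and the previously saved capability state is restored immediately
 * afterwards.  The attribute lookup and the argument conversion run
 * before the capability is raised, and nothing is raised at all when
 * there is no callable to invoke.  Everything the policy's init code
 * executes runs with CAP_NET_ADMIN enabled, so the policy file has to be
 * protected like any other privileged code.
 *
 * Returns:
 * the integer result of the policy's init function as parsed by
 * z_policy_var_parse(); FALSE when the callable is missing or the call
 * raised (the Python error is printed in both cases).
 */
gboolean
z_policy_init(ZPolicy *self, gchar const **instance_name)
{
  PyObject *main_module, *init_func, *args, *res = NULL;
  gboolean success = FALSE;
  cap_t saved_caps;
  
  z_policy_thread_acquire(self->main_thread);
  
  /* PyImport_AddModule() can return NULL; do not hand that to GetAttrString */
  main_module = PyImport_AddModule("__main__");
  init_func = main_module ? PyObject_GetAttrString(main_module, "init") : NULL;

  if (init_func)
    {
      /* Build the argument while still unprivileged.
       * NOTE(review): "(O)" takes its own reference to args; if
       * z_policy_convert_strv_to_list() returns a new reference it is
       * never released here -- confirm against its definition. */
      args = z_policy_convert_strv_to_list(instance_name);

      if (args)
        {
          /* keep the privileged window as small as the call itself */
          saved_caps = cap_save();
          cap_enable(CAP_NET_ADMIN);

          res = PyObject_CallFunction(init_func, "(O)", args);

          cap_restore(saved_caps);
        }
    }

  Py_XDECREF(init_func);
  if (res && z_policy_var_parse(res, "i", &success))
    {
      /* init successful */
    }
  else if (!res)
    {
      /* missing callable, failed conversion or exception inside init */
      PyErr_Print();
    }
  Py_XDECREF(res);
  z_policy_thread_release(self->main_thread);

  return success;
}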
Example #2
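/**
 * z_policy_cleanup:
 * @self: this
 * @instance_name: array of instance name and aliases
 *
 * Cleans up the current policy by calling "Zorp.cleanup", which is looked
 * up as the "cleanup" attribute of the Python __main__ module and invoked
 * with the instance names converted to a Python list.
 * Currently used by KZorp to flush kernel data structures
 * when Zorp is exiting.
 *
 * Privilege handling: CAP_NET_ADMIN is enabled only around the Python
 * call and the previously saved capability state is restored immediately
 * afterwards.  The attribute lookup and the argument conversion run
 * before the capability is raised, and nothing is raised at all when
 * there is no callable to invoke.  Everything the policy's cleanup code
 * executes runs with CAP_NET_ADMIN enabled.
 *
 * Returns:
 * TRUE when the Python call returned a result, FALSE when the callable is
 * missing or the call raised (the Python error is printed).
 */
gboolean
z_policy_cleanup(ZPolicy *self, gchar const **instance_name)
{
  PyObject *main_module, *cleanup_func, *args, *res = NULL;
  gboolean success;
  cap_t saved_caps;
  
  z_policy_thread_acquire(self->main_thread);
  
  /* PyImport_AddModule() can return NULL; do not hand that to GetAttrString */
  main_module = PyImport_AddModule("__main__");
  cleanup_func = main_module ? PyObject_GetAttrString(main_module, "cleanup") : NULL;

  if (cleanup_func)
    {
      /* Build the argument while still unprivileged.
       * NOTE(review): "(O)" takes its own reference to args; if
       * z_policy_convert_strv_to_list() returns a new reference it is
       * never released here -- confirm against its definition. */
      args = z_policy_convert_strv_to_list(instance_name);

      if (args)
        {
          /* keep the privileged window as small as the call itself */
          saved_caps = cap_save();
          cap_enable(CAP_NET_ADMIN);

          res = PyObject_CallFunction(cleanup_func, "(O)", args);

          cap_restore(saved_caps);
        }
    }

  Py_XDECREF(cleanup_func);

  /* record the outcome before the reference is dropped, so the pointer
   * is not inspected after the object may have been freed */
  success = (res != NULL);
  if (!success)
    {
      PyErr_Print();
    }
  Py_XDECREF(res);
  z_policy_thread_release(self->main_thread);

  return success;
}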
Example #3
/*
 * Turn on the CPU cap of a zone with the given value.
 *
 * Calling this for a zone whose cap is already enabled is harmless: the
 * whole body is skipped unless CAP_DISABLED() reports the cap as off.
 * The caller must hold caps_lock (asserted below).
 *
 * Besides registering the cap on the capped_zones list, a virtual named
 * kstat called "cpucaps" is created for the zone.  Failure to create the
 * kstat is tolerated: the cap stays enabled, only without statistics.
 */
static void
cap_zone_enable(zone_t *zone, hrtime_t value)
{
	cpucap_t *cap = zone->zone_cpucap;

	ASSERT(MUTEX_HELD(&caps_lock));
	ASSERT(cap != NULL);

	if (CAP_DISABLED(cap)) {
		/* a disabled cap must not have a kstat left over */
		ASSERT(cap->cap_kstat == NULL);

		cap_enable(&capped_zones, cap, value);
		cap->cap_zone = zone;

		/*
		 * Create the per-zone kstat; the entry count is derived from
		 * the size of the shared cap_kstat template.
		 */
		cap->cap_kstat = rctl_kstat_create_zone(zone, "cpucaps",
		    KSTAT_TYPE_NAMED,
		    sizeof (cap_kstat) / sizeof (kstat_named_t),
		    KSTAT_FLAG_VIRTUAL);

		if (cap->cap_kstat != NULL) {
			/* data size also covers the zone name and its NUL */
			cap->cap_kstat->ks_data_size +=
			    strlen(zone->zone_name) + 1;

			/* all zones share one data template and one lock */
			cap->cap_kstat->ks_lock = &cap_kstat_lock;
			cap->cap_kstat->ks_data = &cap_kstat;

			/* the update callback finds its cap via ks_private */
			cap->cap_kstat->ks_update = cap_kstat_update;
			cap->cap_kstat->ks_private = cap;

			kstat_install(cap->cap_kstat);
		}
	}
}
Example #4
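/**
 * z_fd_set_our_tos:
 * @fd: descriptor to set the ToS value on
 * @tos: IP ToS value to set
 *
 * Sets the IP_TOS socket option of @fd to @tos.  CAP_NET_ADMIN is enabled
 * for the setsockopt() call only; the saved capability state is restored
 * before any logging is done.  errno is captured straight after the
 * system call because both cap_restore() and the logging helpers may
 * overwrite it.
 *
 * Failures are only logged, never reported to the caller; ENOTSOCK and
 * EOPNOTSUPP are ignored silently.
 */
void
z_fd_set_our_tos(gint fd, guint8 tos)
{
  cap_t saved_caps;
  gint rc, saved_errno;
  
  saved_caps = cap_save();
  cap_enable(CAP_NET_ADMIN);
  rc = setsockopt(fd, SOL_IP, IP_TOS, &tos, sizeof(tos));
  /* take errno before anything else gets a chance to clobber it */
  saved_errno = errno;
  /* drop the capability again as soon as the privileged call is done */
  cap_restore(saved_caps);

  if (rc < 0)
    {
      /* not a socket / option unsupported: nothing worth reporting */
      if (saved_errno != ENOTSOCK && saved_errno != EOPNOTSUPP)
        {
          z_log(NULL, CORE_ERROR, 3, "Error setting ToS value on socket; fd='%d', tos='%d', error='%s', errno='%d'", fd, tos, g_strerror(saved_errno), saved_errno);
        }
    }
  else
    {
      z_log(NULL, CORE_DEBUG, 6, "Setting socket ToS value; fd='%d', tos='%d'", fd, tos);
    }
}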