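/**
 * z_policy_init:
 * @self: this
 * @instance_name: array of instance name and aliases
 *
 * Initialises the current policy by calling the "init" attribute of the
 * Python "__main__" module, passing the instance names as a list.
 * The function interface (not the implementation) here should be
 * independent of python.
 *
 * CAP_NET_ADMIN is enabled only around the Python call itself, so all
 * policy code reached from "init" runs with that capability. The saved
 * capability state is restored as soon as the call returns.
 *
 * Returns:
 * TRUE on success, i.e. when "init" returned a value that parses with the
 * "i" format into a non-zero integer; FALSE if the lookup or the call
 * failed (the Python error is printed) or the result did not parse.
 */
gboolean
z_policy_init(ZPolicy *self, gchar const **instance_name)
{
  PyObject *main_module, *init_func = NULL, *name_list, *res = NULL;
  gboolean success = FALSE;
  cap_t saved_caps;

  z_policy_thread_acquire(self->main_thread);

  /* PyImport_AddModule() returns NULL on failure; do not pass that on to
   * PyObject_GetAttrString(), which expects a valid object. */
  main_module = PyImport_AddModule("__main__");
  if (main_module != NULL)
    init_func = PyObject_GetAttrString(main_module, "init");

  if (init_func != NULL)
    {
      /* Build the argument list before raising privileges so that only
       * the policy call itself runs with CAP_NET_ADMIN enabled. */
      name_list = z_policy_convert_strv_to_list(instance_name);

      saved_caps = cap_save();
      cap_enable(CAP_NET_ADMIN);
      res = PyObject_CallFunction(init_func, "(O)", name_list);
      cap_restore(saved_caps);

      /* NOTE(review): the "(O)" format takes its own reference to
       * name_list. If z_policy_convert_strv_to_list() returns a new
       * reference, the one held here is never released -- confirm against
       * the helper and release it at this point if so. */
    }
  Py_XDECREF(init_func);

  if (res == NULL)
    {
      /* Lookup or call failed: report the pending Python exception. */
      PyErr_Print();
    }
  else if (z_policy_var_parse(res, "i", &success))
    {
      /* init successful */
    }
  /* else: result did not parse with "i"; success keeps its FALSE default */

  Py_XDECREF(res);
  z_policy_thread_release(self->main_thread);

  return success;
}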
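/**
 * z_policy_cleanup:
 * @self: this
 * @instance_name: array of instance name and aliases
 *
 * Cleans up the current policy by calling the "cleanup" attribute of the
 * Python "__main__" module, passing the instance names as a list.
 * Currently used by KZorp to flush kernel data structures
 * when Zorp is exiting.
 *
 * CAP_NET_ADMIN is enabled only around the Python call itself, so all
 * policy code reached from "cleanup" runs with that capability. The saved
 * capability state is restored as soon as the call returns.
 *
 * Returns:
 * TRUE if the call returned a value, FALSE if the lookup or the call
 * failed (the Python error is printed in that case).
 */
gboolean
z_policy_cleanup(ZPolicy *self, gchar const **instance_name)
{
  PyObject *main_module, *cleanup_func = NULL, *name_list, *res = NULL;
  gboolean success;
  cap_t saved_caps;

  z_policy_thread_acquire(self->main_thread);

  /* PyImport_AddModule() returns NULL on failure; do not pass that on to
   * PyObject_GetAttrString(), which expects a valid object. */
  main_module = PyImport_AddModule("__main__");
  if (main_module != NULL)
    cleanup_func = PyObject_GetAttrString(main_module, "cleanup");

  if (cleanup_func != NULL)
    {
      /* Build the argument list before raising privileges so that only
       * the policy call itself runs with CAP_NET_ADMIN enabled. */
      name_list = z_policy_convert_strv_to_list(instance_name);

      saved_caps = cap_save();
      cap_enable(CAP_NET_ADMIN);
      res = PyObject_CallFunction(cleanup_func, "(O)", name_list);
      cap_restore(saved_caps);

      /* NOTE(review): the "(O)" format takes its own reference to
       * name_list. If z_policy_convert_strv_to_list() returns a new
       * reference, the one held here is never released -- confirm against
       * the helper and release it at this point if so. */
    }
  Py_XDECREF(cleanup_func);

  /* Record the outcome before dropping the reference: the pointer must
   * not be inspected once the object it names may have been freed. */
  success = (res != NULL);
  if (!success)
    {
      PyErr_Print();
    }

  Py_XDECREF(res);
  z_policy_thread_release(self->main_thread);

  return success;
}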
/*
 * Turn the CPU cap on for a zone.
 * Calling this for a zone whose cap is already enabled changes nothing.
 * The caller must hold caps_lock.
 *
 * Note: cap_enable() here is the three-argument helper that takes the
 * capped_zones list, the cap and its value.
 */
static void
cap_zone_enable(zone_t *zone, hrtime_t value)
{
	cpucap_t *cap = zone->zone_cpucap;
	size_t name_bytes;

	ASSERT(MUTEX_HELD(&caps_lock));
	ASSERT(cap != NULL);

	/* Only a currently disabled cap needs any work. */
	if (!(CAP_DISABLED(cap)))
		return;

	ASSERT(cap->cap_kstat == NULL);
	cap_enable(&capped_zones, cap, value);
	cap->cap_zone = zone;

	/*
	 * Create cap kstats. A failed creation is tolerated: the cap stays
	 * enabled, it simply has no kstat attached.
	 */
	cap->cap_kstat = rctl_kstat_create_zone(zone, "cpucaps",
	    KSTAT_TYPE_NAMED,
	    sizeof (cap_kstat) / sizeof (kstat_named_t),
	    KSTAT_FLAG_VIRTUAL);
	if (cap->cap_kstat == NULL)
		return;

	/*
	 * Grow the advertised data size by the zone name plus its NUL.
	 * Presumably this leaves room for the name string in a snapshot;
	 * confirm against cap_kstat_update().
	 */
	name_bytes = strlen(cap->cap_zone->zone_name) + 1;
	cap->cap_kstat->ks_data_size += name_bytes;

	/* Every zone kstat uses the one cap_kstat buffer, under its lock. */
	cap->cap_kstat->ks_lock = &cap_kstat_lock;
	cap->cap_kstat->ks_data = &cap_kstat;
	cap->cap_kstat->ks_update = cap_kstat_update;
	cap->cap_kstat->ks_private = cap;
	kstat_install(cap->cap_kstat);
}
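/**
 * z_fd_set_our_tos:
 * @fd: file descriptor of the socket to modify
 * @tos: ToS value to set
 *
 * Sets the IP_TOS socket option on @fd to @tos. CAP_NET_ADMIN is enabled
 * only for the setsockopt() call; the saved capability state is restored
 * before anything is logged, so the logging path runs unprivileged.
 *
 * Failures are logged at CORE_ERROR level, except ENOTSOCK and EOPNOTSUPP
 * which are ignored silently. Nothing is reported to the caller.
 */
void
z_fd_set_our_tos(gint fd, guint8 tos)
{
  socklen_t len = sizeof(tos);
  cap_t saved_caps;
  gint rc, saved_errno;

  saved_caps = cap_save();
  cap_enable(CAP_NET_ADMIN);
  rc = setsockopt(fd, SOL_IP, IP_TOS, &tos, len);
  /* Capture errno right away: cap_restore(), g_strerror() and the logging
   * path may all overwrite it before the message is formatted. */
  saved_errno = errno;
  cap_restore(saved_caps);

  if (rc < 0)
    {
      if (saved_errno != ENOTSOCK && saved_errno != EOPNOTSUPP)
        {
          z_log(NULL, CORE_ERROR, 3, "Error setting ToS value on socket; fd='%d', tos='%d', error='%s', errno='%d'", fd, tos, g_strerror(saved_errno), saved_errno);
        }
    }
  else
    {
      z_log(NULL, CORE_DEBUG, 6, "Setting socket ToS value; fd='%d', tos='%d'", fd, tos);
    }
}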