Re: [PATCH 2/2] devcgroup: fix permission check when adding entry to child cgroup

From: Serge E. Hallyn
Date: Mon Jul 07 2008 - 11:49:26 EST


Quoting Li Zefan (lizf@xxxxxxxxxxxxxx):
> # cat devices.list
> c 1:3 r
> # echo 'c 1:3 w' > sub/devices.allow
> # cat sub/devices.list
> c 1:3 w
>
> As illustrated, the parent group has no write permission to /dev/null,
> so its child should not be allowed to add this write permission,
> which is documented in Documentation/controllers/devices.txt.
>
> Signed-off-by: Li Zefan <lizf@xxxxxxxxxxxxxx>

I have no idea where that came from (but see that it was in my original
submission). Maybe I meant to do &, but that still isn't necessary.

Acked-by: Serge Hallyn <serue@xxxxxxxxxx>

thanks,
-serge

> ---
> security/device_cgroup.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/security/device_cgroup.c b/security/device_cgroup.c
> index 1e2e28a..ddd92ce 100644
> --- a/security/device_cgroup.c
> +++ b/security/device_cgroup.c
> @@ -300,7 +300,7 @@ static int may_access_whitelist(struct dev_cgroup *c,
> continue;
> if (whitem->minor != ~0 && whitem->minor != refwh->minor)
> continue;
> - if (refwh->access & (~(whitem->access | ACC_MASK)))
> + if (refwh->access & (~whitem->access))
> continue;
> return 1;
> }
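
Review bot: The corrected test on the `+` line, `refwh->access & (~whitem->access)`, is the only thing ensuring that a matching whitelist entry covers every requested access bit, and nothing in the code says so; the removed line shows how an extra term in this expression defeats the check without any visible failure. Suggest a one-line comment above it, for example "skip entries that lack any requested access bit". The changelog would also benefit from a sentence on why OR-ing ACC_MASK into whitem->access made the condition ineffective (if ACC_MASK covers all access bits, the complemented value has none of them set, so the `continue` is never taken), since the description only shows the symptom.
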
> --
> 1.5.4.rc3
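
The permission check this patch corrects, modelled in user space as an added example (not code from the patch or the kernel tree). It assumes the access bit values ACC_MKNOD=1, ACC_READ=2, ACC_WRITE=4 and ACC_MASK as their OR, which this message does not show; `wl_item`, `may_access` and `child_may_add` are hypothetical names.

```c
#include <stdio.h>

/* Assumed access bits; the definitions are not quoted in this message. */
#define ACC_MKNOD 1
#define ACC_READ  2
#define ACC_WRITE 4
#define ACC_MASK  (ACC_MKNOD | ACC_READ | ACC_WRITE)

/* Simplified model of a whitelist entry; ~0u means "any" major/minor. */
struct wl_item { unsigned major, minor; char type; short access; };

/* Returns 1 if some entry in wl[] permits the access requested in ref.
 * patched == 0 uses the removed test, patched == 1 the added one. */
static int may_access(const struct wl_item *wl, int n,
                      const struct wl_item *ref, int patched)
{
    for (int i = 0; i < n; i++) {
        const struct wl_item *w = &wl[i];
        if (w->type != ref->type)
            continue;
        if (w->major != ~0u && w->major != ref->major)
            continue;
        if (w->minor != ~0u && w->minor != ref->minor)
            continue;
        if (patched ? (ref->access & ~w->access)
                    : (ref->access & ~(w->access | ACC_MASK)))
            continue;   /* entry lacks a requested access bit */
        return 1;
    }
    return 0;
}

/* Constructed sample: parent whitelist holds only "c 1:3 r". */
static const struct wl_item parent[] = { { 1, 3, 'c', ACC_READ } };

/* May a child add "c 1:3 <access>" given the parent whitelist above? */
static int child_may_add(short access, int patched)
{
    struct wl_item ref = { 1, 3, 'c', access };
    return may_access(parent, 1, &ref, patched);
}

int main(void)
{
    printf("old check, add w: %d\n", child_may_add(ACC_WRITE, 0));
    printf("new check, add w: %d\n", child_may_add(ACC_WRITE, 1));
    printf("new check, add r: %d\n", child_may_add(ACC_READ, 1));
    return 0;
}
```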