Re: [RFC] cgroups: implement device whitelist lsm (v2)

From: Paul Menage
Date: Fri Mar 14 2008 - 10:16:05 EST


On Fri, Mar 14, 2008 at 7:05 AM, Serge E. Hallyn <serue@xxxxxxxxxx> wrote:
> > > A task may only be moved to another devcgroup if it is moving to
> > > a direct descendent of its current devcgroup.
> >
> > What's the rationale for that?
>
> To prevent it escaping to laxer device permissions, which of course only
> makes sense if we do what you recommend above :)
>

That makes it impossible for a root process to enter a child cgroup,
do something, and then go back to its own cgroup. Why aren't the
existing cgroup security semantics sufficient?

Paul
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/