| commit | ec229e830060091b9be63c8f873c1b2407a82821 | |
| author | Li Zefan <lizf@cn.fujitsu.com> | |
| Sun, 13 Jul 2008 19:14:04 +0000 (13 12:14 -0700) | ||
| committer | Linus Torvalds <torvalds@linux-foundation.org> | |
| Sun, 13 Jul 2008 19:51:18 +0000 (13 12:51 -0700) | ||
| tree | 505231f1cad4a3258d509dfc75e47ed445647ff6 | treesnapshot (tar.gz zip) |
| parent | 17d213f806dad629e9af36fc45f082b87ed7bceb | commitdiff |
devcgroup: fix permission check when adding entry to child cgroup
# cat devices.list
c 1:3 r
# echo 'c 1:3 w' > sub/devices.allow
# cat sub/devices.list
c 1:3 w
As illustrated, the parent group has no write permission to /dev/null, so
it's child should not be allowed to add this write permission.
Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: Serge Hallyn <serue@us.ibm.com>
Cc: Paul Menage <menage@google.com>
Cc: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
# cat devices.list
c 1:3 r
# echo 'c 1:3 w' > sub/devices.allow
# cat sub/devices.list
c 1:3 w
As illustrated, the parent group has no write permission to /dev/null, so
it's child should not be allowed to add this write permission.
Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: Serge Hallyn <serue@us.ibm.com>
Cc: Paul Menage <menage@google.com>
Cc: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| security/device_cgroup.c | diffblobblamehistory |