diff options
| author | Aristeu Rozanski <aris@redhat.com> | 2014-05-05 11:18:59 -0400 |
|---|---|---|
| committer | Jiri Slaby <jslaby@suse.cz> | 2014-06-09 15:53:24 +0200 |
| commit | 9c660fc8dad9a2c98c3cf16b31b3f5072914edf4 (patch) | |
| tree | 47ee9fe006f3d9a64020da5bbff4830cd588278a /crypto | |
| parent | b2daa1de05e24e824a90bfa87316f2c120debe0e (diff) | |
device_cgroup: check if exception removal is allowed
commit d2c2b11cfa134f4fbdcc34088824da26a084d8de upstream.
[PATCH v3 1/2] device_cgroup: check if exception removal is allowed
When the device cgroup hierarchy was introduced in
bd2953ebbb53 - devcg: propagate local changes down the hierarchy
a specific case was overlooked. Consider the hierarchy bellow:
A default policy: ALLOW, exceptions will deny access
\
B default policy: ALLOW, exceptions will deny access
There's no need to verify when an new exception is added to B because
in this case exceptions will deny access to further devices, which is
always fine. Hierarchy in device cgroup only makes sure B won't have
more access than A.
But when an exception is removed (by writing devices.allow), it isn't
checked if the user is in fact removing an inherited exception from A,
thus giving more access to B.
Example:
# echo 'a' >A/devices.allow
# echo 'c 1:3 rw' >A/devices.deny
# echo $$ >A/B/tasks
# echo >/dev/null
-bash: /dev/null: Operation not permitted
# echo 'c 1:3 w' >A/B/devices.allow
# echo >/dev/null
#
This shouldn't be allowed and this patch fixes it by making sure to never allow
exceptions in this case to be removed if the exception is partially or fully
present on the parent.
v3: missing '*' in function description
v2: improved log message and formatting fixes
Cc: cgroups@vger.kernel.org
Cc: Li Zefan <lizefan@huawei.com>
Signed-off-by: Aristeu Rozanski <arozansk@redhat.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Diffstat (limited to 'crypto')
0 files changed, 0 insertions, 0 deletions