[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAFeW=pZ8Y7ycxjxro7zBMqdtaCOYs4RmoxtDrsN8+mqLhOL--g@mail.gmail.com>
Date: Fri, 18 May 2012 15:46:17 +0800
From: Amos Kong <kongjianjun@...il.com>
To: Li Zefan <lizefan@...wei.com>
Cc: serue@...ibm.com, viro@...iv.linux.org.uk,
linux-kernel@...r.kernel.org, tj@...nel.org, jmorris@...ei.org
Subject: Re: cgroup: denying device doesn't work with 'rw' mode string
In devcgroup_create(), we create a new whitelist, and add first entry
which type is 'DEV_ALL'.
Execute "# echo 'b 253:3 rw' > devices/devices.deny",
dev_whitelist_rm() will update access
of first entry to 3, but type of first entry is also 'DEV_ALL'
.. static void dev_whitelist_rm(struct dev_cgroup *dev_cgroup, ...) {
.. list_for_each_entry_safe(walk, tmp, &dev_cgroup->whitelist, list) {
.. if (walk->type == DEV_ALL)
.. goto remove;
If the type is 'DEV_ALL', will try to remove it without checking major/minor/..
.. remove:
.. walk->access &= ~wh->access;
access of first entry will be updated to 7(mrw) & ~4(w) = 3
.. if (!walk->access) {
first entry will not be deleted, because walk->access is not 0
.. list_del_rcu(&walk->list);
.. kfree_rcu(walk, rcu);
Execute dd cmd to write device, __devcgroup_inode_permission() will be called.
The type of first list entry is 'DEV_ALL', just pass this permission checking.
(write operation will not be denied)
.. int __devcgroup_inode_permission(struct inode *inode, int mask) {
.. ....
.. dev_cgroup = task_devcgroup(current);
.. list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {
.. if (wh->type & DEV_ALL)
.. goto found;
// If type is 'DEV_ALL', pass permission check
.. ....
.. if ((mask & MAY_WRITE) && !(wh->access & ACC_WRITE))
.. continue;
.. found:
.. rcu_read_unlock();
.. return 0;
..
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists