[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130130200920.GB8507@mail.hallyn.com>
Date: Wed, 30 Jan 2013 20:09:20 +0000
From: "Serge E. Hallyn" <serge@...lyn.com>
To: aris@...hat.com
Cc: linux-kernel@...r.kernel.org, cgroups@...r.kernel.org,
Tejun Heo <tj@...nel.org>,
Serge Hallyn <serge.hallyn@...onical.com>
Subject: Re: [PATCH v4 4/9] devcg: expand may_access() logic
Quoting aris@...hat.com (aris@...hat.com):
> In order to make the next patch more clear, expand may_access() logic.
>
> v2: may_access() returns bool now
>
> Acked-by: Tejun Heo <tj@...nel.org>
> Cc: Tejun Heo <tj@...nel.org>
> Cc: Serge Hallyn <serge.hallyn@...onical.com>
Acked-by: Serge Hallyn <serge.hallyn@...onical.com>
> Signed-off-by: Aristeu Rozanski <aris@...hat.com>
>
> ---
> security/device_cgroup.c | 21 ++++++++++++---------
> 1 file changed, 12 insertions(+), 9 deletions(-)
>
> --- github.orig/security/device_cgroup.c 2013-01-30 08:56:29.532063723 -0500
> +++ github/security/device_cgroup.c 2013-01-30 08:58:02.934460404 -0500
> @@ -355,8 +355,8 @@ return 0;
> * @dev_cgroup: dev cgroup to be tested against
> * @refex: new exception
> */
> -static int may_access(struct dev_cgroup *dev_cgroup,
> - struct dev_exception_item *refex)
> +static bool may_access(struct dev_cgroup *dev_cgroup,
> + struct dev_exception_item *refex)
> {
> struct dev_exception_item *ex;
> bool match = false;
> @@ -382,16 +382,19 @@ if (ex->minor != ~0 && ex->minor != re
>
> /*
> * In two cases we'll consider this new exception valid:
> - * - the dev cgroup has its default policy to allow + exception list:
> - * the new exception should *not* match any of the exceptions
> - * (behavior == DEVCG_DEFAULT_ALLOW, !match)
> * - the dev cgroup has its default policy to deny + exception list:
> * the new exception *should* match the exceptions
> - * (behavior == DEVCG_DEFAULT_DENY, match)
> + * - the dev cgroup has its default policy to allow + exception list:
> + * the new exception should *not* match any of the exceptions
> */
> - if ((dev_cgroup->behavior == DEVCG_DEFAULT_DENY) == match)
> - return 1;
> - return 0;
> + if (dev_cgroup->behavior == DEVCG_DEFAULT_DENY) {
> + if (match)
> + return true;
> + } else {
> + if (!match)
> + return true;
> + }
> + return false;
> }
>
> /*
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists