Reviewed-by: Pavel Tikhomirov <[email protected]> On 11/18/25 07:14, Aleksei Oladko wrote: > This fixes an issue in the cgroup device controller where device access > checks were not enforced if he cgroup filesystem was already mounted > before. As a result, processes could bypass device access > restrictions. > > Aleksei Oladko (2): > fs: allow non-init s_user_ns for filesystems with FS_VE_MOUNT > fs: enforce cgroup permissions for bdevs on mount > > block/blk.h | 1 - > fs/super.c | 21 ++++++++++++++++++--- > include/linux/blkdev.h | 1 + > include/linux/fs.h | 1 + > 4 files changed, 20 insertions(+), 4 deletions(-) >
-- Best regards, Pavel Tikhomirov Senior Software Developer, Virtuozzo. _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
