Reviewed-by: Pavel Tikhomirov <[email protected]> On 11/20/25 20:44, Aleksei Oladko wrote: > This fixes an issue in the cgroup device controller where device access > checks were not enforced if he cgroup filesystem was already mounted > before. As a result, processes could bypass device access > restrictions. > > Aleksei Oladko (2): > fs: allow non-init s_user_ns for filesystems with FS_VE_MOUNT > fs: enforce cgroup permissions for bdevs on mount > > block/blk.h | 1 - > drivers/mtd/mtdsuper.c | 2 +- > fs/super.c | 26 +++++++++++++++++++++++--- > include/linux/blkdev.h | 1 + > include/linux/fs.h | 1 + > 5 files changed, 26 insertions(+), 5 deletions(-) >
-- Best regards, Pavel Tikhomirov Senior Software Developer, Virtuozzo. _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
