Quoting Aristeu Rozanski (a...@redhat.com):
> In 4cef7299b4786879a3e113e84084a72b24590c5b the cgroup parent usage is
> unchecked. root will not have a parent and trying to use
> device.{allow,deny} will cause problems. For some reason my stressing
> scripts didn't test the root directory so I didn't catch it on my
> regular tests.
>
> Andrew, Tejun, this patch needs to make Linus tree ASAP or a revert for
> 4cef7299b4786879a3e113e84084a72b24590c5b.
>
> Cc: Andrew Morton <a...@linux-foundation.org>
> Cc: Tejun Heo <t...@kernel.org>
> Cc: Li Zefan <lize...@huawei.com>
> Cc: James Morris <jmor...@namei.org>
> Cc: Pavel Emelyanov <xe...@openvz.org>
> Cc: Serge Hallyn <serge.hal...@canonical.com>

Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.com>

> Cc: Jiri Slaby <jsl...@suse.cz>
> Signed-off-by: Aristeu Rozanski <a...@redhat.com>
>
> --- github.orig/security/device_cgroup.c 2012-10-26 17:18:01.739366780 > -0400 > +++ github/security/device_cgroup.c 2012-10-29 10:03:33.221918003 -0400 > @@ -352,6 +352,8 @@ > */ > static inline int may_allow_all(struct dev_cgroup *parent) > { > + if (!parent) > + return 1; > return parent->behavior == DEVCG_DEFAULT_ALLOW; > } > > @@ -376,11 +378,14 @@ > int count, rc; > struct dev_exception_item ex; > struct cgroup *p = devcgroup->css.cgroup; > - struct dev_cgroup *parent = cgroup_to_devcgroup(p->parent); > + struct dev_cgroup *parent = NULL; > > if (!capable(CAP_SYS_ADMIN)) > return -EPERM; > > + if (p->parent) > + parent = cgroup_to_devcgroup(p->parent); > + > memset(&ex, 0, sizeof(ex)); > b = buffer; > > @@ -391,11 +396,14 @@ > if (!may_allow_all(parent)) > return -EPERM; > dev_exception_clean(devcgroup); > + devcgroup->behavior = DEVCG_DEFAULT_ALLOW; > + if (!parent) > + break; > + > rc = dev_exceptions_copy(&devcgroup->exceptions, > &parent->exceptions); > if (rc) > return rc; > - devcgroup->behavior = DEVCG_DEFAULT_ALLOW; > break; > case DEVCG_DENY: > dev_exception_clean(devcgroup);
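
Review bot: In the first hunk (@@ -352,6 +352,8 @@), the new `if (!parent) return 1;` in may_allow_all() gives a NULL argument a specific meaning (the root cgroup, which has no parent to restrict it), but the comment block that ends just above the function is not touched. Please extend that comment to say that `parent` may be NULL and that NULL is treated as "allow all", so a later caller does not read the early return as a defensive check that can be dropped.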
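
Review bot: In the second hunk (@@ -376,11 +378,14 @@), `parent` is now initialised to NULL and only set under `if (p->parent)`, so it can be NULL for the remainder of the function. The visible hunks guard the may_allow_all() call and the dev_exceptions_copy() call; please confirm that no other use of `parent` further down in this function dereferences it unguarded, and consider a one-line comment at the `if (p->parent)` check noting that the root cgroup has no parent.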
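
Review bot: In the third hunk (@@ -391,11 +396,14 @@), moving `devcgroup->behavior = DEVCG_DEFAULT_ALLOW;` above dev_exceptions_copy() changes the error path: if the copy fails and `return rc` is taken, the cgroup has already been switched to default-allow after dev_exception_clean(), without the parent's full exception list. Before this change the behavior was only set once the copy had succeeded. Suggest keeping the assignment after the copy and making only the copy conditional, i.e. wrap the dev_exceptions_copy() call and its `if (rc) return rc;` in `if (parent) { ... }` and leave `devcgroup->behavior = DEVCG_DEFAULT_ALLOW;` immediately before the `break;`.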