[lxc-devel] [PATCH 7/8] cgroup: don't set devices cgroup if not in init_user_ns
Stéphane Graber
stgraber at ubuntu.com
Sun Jul 21 08:44:56 UTC 2013
On Fri, Jul 19, 2013 at 02:26:54PM +0000, Serge Hallyn wrote:
> From: Serge Hallyn <serge.hallyn at ubuntu.com>
>
Hmm, I may be missing context with that diff, but where exactly is the
code making this check userns-specific?
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> ---
> src/lxc/cgroup.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c
> index c707519..8a875b8 100644
> --- a/src/lxc/cgroup.c
> +++ b/src/lxc/cgroup.c
> @@ -292,6 +292,14 @@ int lxc_cgroup_set_bypath(const char *cgrelpath, const char *filename, const cha
> char *cgabspath;
> char path[MAXPATHLEN];
>
> + /*
> + * exception: if in a user namespace, don't try to set devices cgroup.
> + * (a) a task in non-init userns can't use most devices anyway, and
> + * (b) a task in non-init userns cannot write to devices.{allow,deny}
> + */
> + if (strncmp(filename, "devices.", 8) == 0)
> + return 0;
> +
> cgabspath = cgroup_path_get(filename, cgrelpath);
> if (!cgabspath)
> return -1;
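Review bot: the early return on `strncmp(filename, "devices.", 8) == 0` is unconditional, while the comment directly above it says the exception applies only "if in a user namespace"; nothing in this hunk tests whether the caller is in a non-init userns. As written, every devices.* write that goes through lxc_cgroup_set_bypath() is skipped and reported as success (`return 0`), including for containers started from the init user namespace, so their devices.allow and devices.deny settings would silently not be applied. Suggest gating the return on an explicit user-namespace check (or a flag passed in by the caller) and logging when a devices.* setting is skipped, so that a missing device policy is visible rather than reported as success.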
> --
> 1.8.3.2
>
>
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com