Date: Tue, 18 Mar 2008 15:17:53 +1100 (EST)
From: James Morris
To: "Serge E. Hallyn"
cc: lkml, linux-security-module@vger.kernel.org, Linux Containers, Stephen Smalley, Pavel Emelianov, Greg KH, Casey Schaufler, Paul Menage
Subject: Re: [PATCH] cgroups: implement device whitelist (v4)
In-Reply-To: <20080317180722.GA17111@sergelap.austin.ibm.com>

On Mon, 17 Mar 2008, Serge E. Hallyn wrote:

> Implement a cgroup to track and enforce open and mknod restrictions on device
> files. A device cgroup associates a device access whitelist with each
> cgroup. A whitelist entry has 4 fields. 'type' is a (all), c (char), or
> b (block). 'all' means it applies to all types and all major and minor
> numbers. Major and minor are either an integer or * for all.
> Access is a composition of r (read), w (write), and m (mknod).

Acked-by: James Morris

-- 
James Morris
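
The four-field whitelist entry described in the quoted patch description, worked through as an added example; this is not code from the patch or from either author. The string layout `type major:minor access`, the names `wl_entry`, `wl_parse` and `wl_allows`, and the rule that a single entry must cover every requested access bit are assumptions of this sketch.

```c
#include <stdlib.h>
#include <string.h>

enum { ACC_R = 1, ACC_W = 2, ACC_M = 4 };   /* r (read), w (write), m (mknod) */
#define ANY (-1)                            /* '*' wildcard for major or minor */

struct wl_entry { char type; long major, minor; int access; };

/* Parse one integer-or-'*' field and advance *p past it; 0 on success. */
static int parse_num(const char **p, long *out)
{
    char *end;
    if (**p == '*') { *out = ANY; (*p)++; return 0; }
    if (**p < '0' || **p > '9') return -1;   /* rejects signs and whitespace */
    *out = strtol(*p, &end, 10);
    *p = end;
    return 0;
}

/* Parse "type major:minor access" (assumed layout); 0 on success, -1 on error. */
int wl_parse(const char *s, struct wl_entry *e)
{
    memset(e, 0, sizeof(*e));
    if (*s != 'a' && *s != 'b' && *s != 'c') return -1;
    e->type = *s++;
    if (*s++ != ' ' || parse_num(&s, &e->major) || *s++ != ':' ||
        parse_num(&s, &e->minor) || *s++ != ' ') return -1;
    for (; *s; s++) {
        if (*s == 'r') e->access |= ACC_R;
        else if (*s == 'w') e->access |= ACC_W;
        else if (*s == 'm') e->access |= ACC_M;
        else return -1;                      /* unknown access letter */
    }
    if (e->type == 'a') e->major = e->minor = ANY;  /* 'all' covers every device */
    return e->access ? 0 : -1;               /* an entry granting nothing is invalid */
}

/* Default deny: 1 only if some entry matches the device and grants all of 'want'. */
int wl_allows(const struct wl_entry *wl, int n, char type, long maj, long min, int want)
{
    for (int i = 0; i < n; i++) {
        const struct wl_entry *e = &wl[i];
        if (e->type != 'a' && e->type != type) continue;
        if (e->major != ANY && e->major != maj) continue;
        if (e->minor != ANY && e->minor != min) continue;
        if ((e->access & want) == want) return 1;
    }
    return 0;
}
```
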