Re: [RFC] cgroups: implement device whitelist lsm (v2)

On Thu, 13 Mar 2008, Serge E. Hallyn wrote:

quoted text

> True, but while this change simplifies the code a bit, the semantics > seem more muddled - devcg will be enforcing when CONFIG_CGROUP_DEV=y > and: > > SECURITY=n or > rootplug is enabled > capabilities is enabled > smack is enabled > selinux+capabilities is enabled

Well, this is how real systems are going to be deployed. It becomes confusing, IMHO, if you have to change which secondary LSM you stack with SELinux to enable a cgroup feature. -- James Morris <jmorris@namei.org> --

unsubscribe notice

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/


linux-kernel:
Stefan Richter	Re: sata & scsi suggestion for make menuconfig
Rafael J. Wysocki	[Bug #11409] build issue #564 for v2.6.27-rc4 : undefined reference to `NS8390p_in...
Greg Kroah-Hartman	[PATCH 20/36] Driver core: Call device_pm_add() after bus_add_device() in device_a...
Marcin Slusarz	Re: [PATCH] ufs: [bl]e*_add_cpu conversion
Andrew Morton	2.6.23-rc6-mm1
git:
Junio C Hamano	Re: git-svnimport
Anuj Gakhar	Git Architecture Question
Johannes Schindelin	Re: [PATCH] Fix approxidate("never") to always return 0
A Large Angry SCM	Re: [RFC] origin link for cherry-pick and revert
Gabriel	[PATCH] When a remote is added but not fetched, tell the user.
linux-netdev:
Gerrit Renker	v2 [PATCH 1/4] dccp: Limit feature negotiation to connection setup phase
Daniel Lezcano	getsockopt(TCP_DEFER_ACCEPT) value change
David Miller	Re: 2.6.27.18: bnx2/tg3: BUG: "scheduling while atomic" trying to ifenslave a seco...
Ingo Molnar	Re: [regression] nf_iterate(), BUG: unable to handle kernel NULL pointer dereference
Gerrit Renker	[PATCH 37/37] dccp: Debugging functions for feature negotiation
git-commits-head:
Linux Kernel Mailing List	ath9k_htc: Allocate URBs properly
Linux Kernel Mailing List	[ARM] dma: use new dmabounce_sync_for_xxx() for dma_sync_single_xxx()
Linux Kernel Mailing List	MIPS: Cavium: Remove unused watchdog code.
Linux Kernel Mailing List	V4L/DVB (8976): af9015: Add USB ID for AVerMedia A309
Linux Kernel Mailing List	ARM: 5670/1: bcmring: add default configuration for bcmring arch
openbsd-misc:
Christophe Rioux	Implementation example of snmp
Jason Dixon	Re: any web management gui for pf ?
Nick Holland	Re: booting openbsd on eee without cd-rom
Bryan Irvine	Re: OpenBSD 4.7 Released, May 19 2010
Marco Peereboom	Re: Singularity OS