Quoting Li Zefan (lizf@cn.fujitsu.com):
quoted text
>  # cat devices.list
>  c 1:3 r
>  # echo 'c 1:3 w' > sub/devices.allow
>  # cat sub/devices.list
>  c 1:3 w
> 
> As illustrated, the parent group has no write permission to /dev/null,
> so its child should not be allowed to add this write permission,
> which is documented in Documentation/controllers/devices.txt.
> 
> Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>

I have no idea where that came from (but see that it was in my original
submission).  Maybe I meant to do &, but that still isn't necessary.

Acked-by: Serge Hallyn <serue@us.ibm.com>

thanks,
-serge

quoted text
> ---
>  security/device_cgroup.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/security/device_cgroup.c b/security/device_cgroup.c
> index 1e2e28a..ddd92ce 100644
> --- a/security/device_cgroup.c
> +++ b/security/device_cgroup.c
> @@ -300,7 +300,7 @@ static int may_access_whitelist(struct dev_cgroup *c,
>  			continue;
>  		if (whitem->minor != ~0 && whitem->minor != refwh->minor)
>  			continue;
> -		if (refwh->access & (~(whitem->access | ACC_MASK)))
> +		if (refwh->access & (~whitem->access))
>  			continue;
>  		return 1;
>  	}
> -- 
> 1.5.4.rc3
--
unsubscribe notice
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/