devcgroup: fix permission check when adding entry to child cgroup

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

# cat devices.list
c 1:3 r
# echo 'c 1:3 w' > sub/devices.allow
# cat sub/devices.list
c 1:3 w

As illustrated, the parent group has no write permission to /dev/null, so
it's child should not be allowed to add this write permission.

Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: Serge Hallyn <serue@us.ibm.com>
Cc: Paul Menage <menage@google.com>
Cc: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by

Li Zefan and committed by

Linus Torvalds 18 years ago ec229e83 17d213f8

+1 -1

1 changed file

expand all

security

device_cgroup.c

+1 -1

security/device_cgroup.c

··· 300 300 continue; 301 301 if (whitem->minor != ~0 && whitem->minor != refwh->minor) 302 302 continue; 303 - if (refwh->access & (~(whitem->access | ACC_MASK))) 303 + if (refwh->access & (~whitem->access)) 304 304 continue; 305 305 return 1; 306 306 }

Configure Feed

Configure Feed