[RFC][PATCH] Devices visibility container
Pavel Emelyanov
xemul at openvz.org
Tue Sep 25 01:00:07 PDT 2007
Paul Menage wrote:
> On 9/24/07, Pavel Emelyanov <xemul at openvz.org> wrote:
>> # /bin/echo -n '+1:5' > /cont/devs/0/devices.char
>>
>> More generally, the '+<major>:<minor>' string grants access to
>> some device, and '-<major>:<minor>' disables one.
>
> How about a more forward-compatible API:
>
> <major>:<minor>=<permissions>[,<remapped_major>:<remapped_minor>]
I'd rather make it look like
<major>:<mino>[:<permissions>][:<map_major>:<map_minor>]
where
<permissions>:=[r-][w-] and NULL means rw
this would keep current API compatible and allow it for extension.
> This would allow you the control the access that each cgroup has to a
> given device (permissions of 0 indicates that the device isn't even
> visible, i.e. the same as your "-<major>:<minor>" operation. For now
> specifying the (optional) remapping could just fail, but at least the
> API would be defined.
>
> Paul
>
More information about the Containers
mailing list