[PATCH 0/4] Devices accessibility control group (v3, release candidate)

Serge E. Hallyn serue at us.ibm.com
Fri Feb 8 08:12:17 PST 2008


Quoting Pavel Emelyanov (xemul at openvz.org):
> Changes from v2:
> * Fixed problems pointed out by Sukadev with permissions
>   revoke. Now we have to perform kobject re-lookup on
>   each char device open, just like for block ones, so I
>   think this is OK.
> 
> The /proc/devices tune is still in TODO list, as I have
> problems with getting majors _in_a_simple_manner_ from a 
> map, that contains a mix of major/minor pairs in 
> arbitrary order.

Thanks for posting, Pavel.  I'm sorry, I'm *trying* to review these, but
my eyes are glazing over.  (Not because of your patches I'll start by
just testing it a bit either this afternoon or monday.

thanks,
-serge

> The second version is here:
> http://openvz.org/pipermail/devel/2008-January/010160.html
> Changes from v1:
> 
> * Added the block devices support :) It turned out to
>   be a bit simpler than the char one (or I missed
>   something significant);
> * Now we can enable/disable not just individual devices,
>   but the whole major with all its minors (see the TODO
>   list beyond as well);
> * Added the ability to restrict the read/write permissions
>   to devices, not just visible/invisible state.
> 
> The first version was here:
> http://openvz.org/pipermail/devel/2007-September/007647.html
> 
> I still don't pay much attention to split this set well, so 
> this will most likely won't work with git-bisect, but I think 
> this is OK for now. I will sure split it better when I send 
> it to Andrew.
> 
> The set is prepared against the 2.6.24-rc8-mm1.
> 
> To play with it - run a standard procedure:
> 
>  # mount -t container none /cont/devs -o devices
>  # mkdir /cont/devs/0
>  # echo -n $$ > /cont/devs/0/tasks
> 
> and tune device permissions.
> 
> Thanks,
> Pavel


More information about the Containers mailing list