From: "Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>
To: aris-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org
Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Serge Hallyn
<serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
Subject: Re: [PATCH v4 5/9] devcg: prepare may_access() for hierarchy support
Date: Wed, 30 Jan 2013 20:30:06 +0000 [thread overview]
Message-ID: <20130130203006.GC8507@mail.hallyn.com> (raw)
In-Reply-To: <20130130171101.812377398-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
Quoting aris-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org (aris-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org):
> Currently may_access() is only able to verify if an exception is valid for the
> current cgroup, which has the same behavior. With hierarchy, it'll be also used
> to verify if a cgroup local exception is valid towards its cgroup parent, which
> might have different behavior.
>
> v2:
> - updated patch description
> - rebased on top of a new patch to expand the may_access() logic to make it
> more clear
> - fixed argument description order in may_access()
>
> Acked-by: Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
> Cc: Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
> Cc: Serge Hallyn <serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
Acked-by: Serge Hallyn <serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
> Signed-off-by: Aristeu Rozanski <aris-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
>
> ---
> security/device_cgroup.c | 38 ++++++++++++++++++++++++--------------
> 1 file changed, 24 insertions(+), 14 deletions(-)
>
> --- github.orig/security/device_cgroup.c 2013-01-30 08:58:02.000000000 -0500
> +++ github/security/device_cgroup.c 2013-01-30 09:00:09.435351867 -0500
> @@ -354,9 +354,11 @@ return 0;
> * verify if a certain access is allowed.
> * @dev_cgroup: dev cgroup to be tested against
> * @refex: new exception
> + * @behavior: behavior of the exception
> */
> static bool may_access(struct dev_cgroup *dev_cgroup,
> - struct dev_exception_item *refex)
> + struct dev_exception_item *refex,
> + enum devcg_behavior behavior)
> {
> struct dev_exception_item *ex;
> bool match = false;
> @@ -380,19 +382,27 @@ if (ex->minor != ~0 && ex->minor != re
> break;
> }
>
> - /*
> - * In two cases we'll consider this new exception valid:
> - * - the dev cgroup has its default policy to deny + exception list:
> - * the new exception *should* match the exceptions
> - * - the dev cgroup has its default policy to allow + exception list:
> - * the new exception should *not* match any of the exceptions
> - */
> - if (dev_cgroup->behavior == DEVCG_DEFAULT_DENY) {
> - if (match)
> + if (dev_cgroup->behavior == DEVCG_DEFAULT_ALLOW) {
> + if (behavior == DEVCG_DEFAULT_ALLOW) {
> + /* the exception will deny access to certain devices */
> return true;
> + } else {
> + /* the exception will allow access to certain devices */
> + if (match)
> + /*
> + * a new exception allowing access shouldn't
> + * match an parent's exception
> + */
> + return false;
> + return true;
> + }
> } else {
> - if (!match)
> + /* only behavior == DEVCG_DEFAULT_DENY allowed here */
> + if (match)
> + /* parent has an exception that matches the proposed */
> return true;
> + else
> + return false;
> }
> return false;
> }
> @@ -411,7 +421,7 @@ static int parent_has_perm(struct dev_cg
> if (!pcg)
> return 1;
> parent = cgroup_to_devcgroup(pcg);
> - return may_access(parent, ex);
> + return may_access(parent, ex, childcg->behavior);
> }
>
> /**
> @@ -445,7 +455,7 @@ static int devcgroup_update_access(struc
> {
> const char *b;
> char temp[12]; /* 11 + 1 characters needed for a u32 */
> - int count, rc;
> + int count, rc = 0;
This here points out that (unrelated to yor set) devcgroup_update_access()
really needs a cleanup.
> struct dev_exception_item ex;
> struct cgroup *p = devcgroup->css.cgroup;
> struct dev_cgroup *parent = NULL;
> @@ -663,7 +673,7 @@ memset(&ex, 0, sizeof(ex));
>
> rcu_read_lock();
> dev_cgroup = task_devcgroup(current);
> - rc = may_access(dev_cgroup, &ex);
> + rc = may_access(dev_cgroup, &ex, dev_cgroup->behavior);
> rcu_read_unlock();
>
> if (!rc)
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
WARNING: multiple messages have this Message-ID (diff)
From: "Serge E. Hallyn" <serge@hallyn.com>
To: aris@redhat.com
Cc: linux-kernel@vger.kernel.org, cgroups@vger.kernel.org,
Tejun Heo <tj@kernel.org>,
Serge Hallyn <serge.hallyn@canonical.com>
Subject: Re: [PATCH v4 5/9] devcg: prepare may_access() for hierarchy support
Date: Wed, 30 Jan 2013 20:30:06 +0000 [thread overview]
Message-ID: <20130130203006.GC8507@mail.hallyn.com> (raw)
In-Reply-To: <20130130171101.812377398@napanee.usersys.redhat.com>
Quoting aris@redhat.com (aris@redhat.com):
> Currently may_access() is only able to verify if an exception is valid for the
> current cgroup, which has the same behavior. With hierarchy, it'll be also used
> to verify if a cgroup local exception is valid towards its cgroup parent, which
> might have different behavior.
>
> v2:
> - updated patch description
> - rebased on top of a new patch to expand the may_access() logic to make it
> more clear
> - fixed argument description order in may_access()
>
> Acked-by: Tejun Heo <tj@kernel.org>
> Cc: Tejun Heo <tj@kernel.org>
> Cc: Serge Hallyn <serge.hallyn@canonical.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
> Signed-off-by: Aristeu Rozanski <aris@redhat.com>
>
> ---
> security/device_cgroup.c | 38 ++++++++++++++++++++++++--------------
> 1 file changed, 24 insertions(+), 14 deletions(-)
>
> --- github.orig/security/device_cgroup.c 2013-01-30 08:58:02.000000000 -0500
> +++ github/security/device_cgroup.c 2013-01-30 09:00:09.435351867 -0500
> @@ -354,9 +354,11 @@ return 0;
> * verify if a certain access is allowed.
> * @dev_cgroup: dev cgroup to be tested against
> * @refex: new exception
> + * @behavior: behavior of the exception
> */
> static bool may_access(struct dev_cgroup *dev_cgroup,
> - struct dev_exception_item *refex)
> + struct dev_exception_item *refex,
> + enum devcg_behavior behavior)
> {
> struct dev_exception_item *ex;
> bool match = false;
> @@ -380,19 +382,27 @@ if (ex->minor != ~0 && ex->minor != re
> break;
> }
>
> - /*
> - * In two cases we'll consider this new exception valid:
> - * - the dev cgroup has its default policy to deny + exception list:
> - * the new exception *should* match the exceptions
> - * - the dev cgroup has its default policy to allow + exception list:
> - * the new exception should *not* match any of the exceptions
> - */
> - if (dev_cgroup->behavior == DEVCG_DEFAULT_DENY) {
> - if (match)
> + if (dev_cgroup->behavior == DEVCG_DEFAULT_ALLOW) {
> + if (behavior == DEVCG_DEFAULT_ALLOW) {
> + /* the exception will deny access to certain devices */
> return true;
> + } else {
> + /* the exception will allow access to certain devices */
> + if (match)
> + /*
> + * a new exception allowing access shouldn't
> + * match an parent's exception
> + */
> + return false;
> + return true;
> + }
> } else {
> - if (!match)
> + /* only behavior == DEVCG_DEFAULT_DENY allowed here */
> + if (match)
> + /* parent has an exception that matches the proposed */
> return true;
> + else
> + return false;
> }
> return false;
> }
> @@ -411,7 +421,7 @@ static int parent_has_perm(struct dev_cg
> if (!pcg)
> return 1;
> parent = cgroup_to_devcgroup(pcg);
> - return may_access(parent, ex);
> + return may_access(parent, ex, childcg->behavior);
> }
>
> /**
> @@ -445,7 +455,7 @@ static int devcgroup_update_access(struc
> {
> const char *b;
> char temp[12]; /* 11 + 1 characters needed for a u32 */
> - int count, rc;
> + int count, rc = 0;
This here points out that (unrelated to yor set) devcgroup_update_access()
really needs a cleanup.
> struct dev_exception_item ex;
> struct cgroup *p = devcgroup->css.cgroup;
> struct dev_cgroup *parent = NULL;
> @@ -663,7 +673,7 @@ memset(&ex, 0, sizeof(ex));
>
> rcu_read_lock();
> dev_cgroup = task_devcgroup(current);
> - rc = may_access(dev_cgroup, &ex);
> + rc = may_access(dev_cgroup, &ex, dev_cgroup->behavior);
> rcu_read_unlock();
>
> if (!rc)
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2013-01-30 20:30 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-30 17:11 [PATCH v4 0/9] devcg: introduce proper hierarchy support aris
2013-01-30 17:11 ` [PATCH v4 1/9] device_cgroup: prepare exception list handling functions for two lists aris
[not found] ` <20130130171101.263587090-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 19:34 ` Serge E. Hallyn
2013-01-30 19:34 ` Serge E. Hallyn
2013-01-30 17:11 ` [PATCH v4 2/9] devcg: reorder device exception functions aris
[not found] ` <20130130171101.406627645-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 19:44 ` Serge E. Hallyn
2013-01-30 19:44 ` Serge E. Hallyn
2013-01-30 17:11 ` [PATCH v4 3/9] device_cgroup: keep track of local group settings aris-H+wXaHxf7aLQT0dZR+AlfA
2013-01-30 17:11 ` aris
[not found] ` <20130130171101.538945424-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 20:01 ` Serge E. Hallyn
2013-01-30 20:01 ` Serge E. Hallyn
2013-01-30 17:11 ` [PATCH v4 4/9] devcg: expand may_access() logic aris-H+wXaHxf7aLQT0dZR+AlfA
2013-01-30 17:11 ` aris
[not found] ` <20130130171101.690972553-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 20:09 ` Serge E. Hallyn
2013-01-30 20:09 ` Serge E. Hallyn
2013-01-30 17:11 ` [PATCH v4 5/9] devcg: prepare may_access() for hierarchy support aris
[not found] ` <20130130171101.812377398-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 20:30 ` Serge E. Hallyn [this message]
2013-01-30 20:30 ` Serge E. Hallyn
2013-01-30 17:11 ` [PATCH v4 6/9] devcg: use css_online and css_offline aris
[not found] ` <20130130171101.947461296-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 20:40 ` Serge E. Hallyn
2013-01-30 20:40 ` Serge E. Hallyn
2013-01-30 17:11 ` [PATCH v4 7/9] devcg: split single exception copy from dev_exceptions_copy() aris-H+wXaHxf7aLQT0dZR+AlfA
2013-01-30 17:11 ` aris
[not found] ` <20130130171102.108794435-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 20:42 ` Serge E. Hallyn
2013-01-30 20:42 ` Serge E. Hallyn
2013-01-30 17:11 ` [PATCH v4 8/9] devcg: refactor dev_exception_clean() aris-H+wXaHxf7aLQT0dZR+AlfA
2013-01-30 17:11 ` aris
2013-01-30 20:47 ` Serge E. Hallyn
[not found] ` <20130130204730.GF8507-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-01-30 20:49 ` Aristeu Rozanski
2013-01-30 20:49 ` Aristeu Rozanski
[not found] ` <20130130204917.GL17632-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-01-30 20:50 ` Tejun Heo
2013-01-30 20:50 ` Tejun Heo
[not found] ` <CAOS58YOHkK9xTBPFAXKksrwP7ZxQc_WuGOp39D94Z1pBsFHfjw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-01-31 2:15 ` Li Zefan
2013-01-31 2:15 ` Li Zefan
2013-01-31 15:13 ` Aristeu Rozanski
2013-01-31 15:13 ` Aristeu Rozanski
2013-01-30 17:11 ` [PATCH v4 9/9] devcg: propagate local changes down the hierarchy aris
[not found] ` <20130130171102.390708521-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 21:35 ` Serge E. Hallyn
2013-01-30 21:35 ` Serge E. Hallyn
2013-01-31 4:19 ` Serge E. Hallyn
2013-01-31 4:19 ` Serge E. Hallyn
[not found] ` <20130131041932.GB14576-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-01-31 22:00 ` Aristeu Rozanski
2013-01-31 22:00 ` Aristeu Rozanski
2013-01-31 4:38 ` Serge E. Hallyn
[not found] ` <20130131043839.GA14726-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-01-31 22:03 ` Aristeu Rozanski
2013-01-31 22:03 ` Aristeu Rozanski
2013-02-01 19:09 ` [PATCH v5 " Aristeu Rozanski
2013-02-01 19:09 ` Aristeu Rozanski
[not found] ` <20130201190958.GP17632-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-02-02 16:13 ` Serge E. Hallyn
2013-02-02 16:13 ` Serge E. Hallyn
[not found] ` <20130202161341.GA11284-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-02-04 15:03 ` Aristeu Rozanski
2013-02-04 15:03 ` Aristeu Rozanski
[not found] ` <20130204150307.GQ17632-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-02-04 15:17 ` Serge Hallyn
2013-02-04 15:17 ` Serge Hallyn
2013-02-02 16:20 ` Serge E. Hallyn
2013-02-02 16:20 ` Serge E. Hallyn
[not found] ` <20130202162052.GB11284-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-02-04 15:09 ` Aristeu Rozanski
2013-02-04 15:09 ` Aristeu Rozanski
2013-02-05 18:36 ` [PATCH v6 " Aristeu Rozanski
2013-02-05 18:36 ` Aristeu Rozanski
[not found] ` <20130205183646.GT17632-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-02-09 3:53 ` Serge E. Hallyn
2013-02-09 3:53 ` Serge E. Hallyn
[not found] ` <20130209035357.GA31122-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-02-11 14:30 ` Aristeu Rozanski
2013-02-11 14:30 ` Aristeu Rozanski
2013-02-09 4:04 ` Serge E. Hallyn
2013-02-09 4:04 ` Serge E. Hallyn
[not found] ` <20130209040402.GA31942-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-02-11 14:32 ` Aristeu Rozanski
2013-02-11 14:32 ` Aristeu Rozanski
2013-02-11 17:42 ` Serge E. Hallyn
[not found] ` <20130211174259.GA18179-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-02-11 18:38 ` Aristeu Rozanski
2013-02-11 18:38 ` Aristeu Rozanski
2013-02-11 18:52 ` Serge E. Hallyn
[not found] ` <20130211185239.GA18779-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-02-11 19:02 ` Aristeu Rozanski
2013-02-11 19:02 ` Aristeu Rozanski
[not found] ` <20130211190251.GH30962-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-02-11 20:47 ` Serge Hallyn
2013-02-11 20:47 ` Serge Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130130203006.GC8507@mail.hallyn.com \
--to=serge-a9i7lubdfnhqt0dzr+alfa@public.gmane.org \
--cc=aris-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org \
--cc=tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.