From: "Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>
To: aris-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org
Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Serge Hallyn
<serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
Subject: Re: [PATCH v4 9/9] devcg: propagate local changes down the hierarchy
Date: Wed, 30 Jan 2013 21:35:13 +0000 [thread overview]
Message-ID: <20130130213513.GG8507@mail.hallyn.com> (raw)
In-Reply-To: <20130130171102.390708521-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
Quoting aris-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org (aris-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org):
Still looking over the code changes, but:
> static int devcgroup_access_write(struct cgroup *cgrp, struct cftype *cft,
> --- github.orig/Documentation/cgroups/devices.txt 2013-01-29 14:39:17.721843991 -0500
> +++ github/Documentation/cgroups/devices.txt 2013-01-30 10:03:30.536076528 -0500
> @@ -50,3 +50,69 @@ task to a new cgroup. (Again we'll prob
>
> A cgroup may not be granted more permissions than the cgroup's
> parent has.
> +
> +4. Hierarchy
> +
> +device cgroups maintain hierarchy by making sure never a cgroup has more
making sure a cgroup never has...
> +access permissions than its parent. Every time an entry is written to
> +a cgroup's devices.deny file, all its children will have that entry removed
> +from the the whitelist and all the locally set whitelist entries re-evaluated.
s/the the/their/
and
...whitelist entries will be re-evaluated.
> +In case one of the locally set whitelist entries would provide more access
> +than the cgroup's parent, it'll be removed from the whitelist.
> +
> +Example:
> + A
> + / \
> + B
> +
> + group behavior exceptions
> + A allow "b 8:* rwm", "c 116:1 rw"
> + B deny "c 1:3 rwm", "c 116:2 rwm", "b 3:* rwm"
> +
> +If a device is denied in group A:
> + # echo "c 116:* r" > A/devices.deny
> +it'll propagate down and after revalidating B's entries, the whitelist entry
> +"c 116:2 rwm" will be removed:
> +
> + group whitelist entries denied devices
> + A all "b 8:* rwm", "c 116:* rw"
> + B "c 1:3 rwm", "b 3:* rwm" all the rest
> +
> +In case parent behavior or exceptions change and local settings are not
> +allowed anymore, they'll be deleted.
> +
> +Notice that new whitelist entries will not be propagated:
> + A
> + / \
> + B
> +
> + group whitelist entries denied devices
> + A "c 1:3 rwm", "c 1:5 r" all the rest
> + B "c 1:3 rwm", "c 1:5 r" all the rest
> +
> +when adding "c *:3 rwm":
> + # echo "c *:3 rwm" >A/devices.allow
> +
> +the result:
> + group whitelist entries denied devices
> + A "c *:3 rwm", "c 1:5 r" all the rest
> + B "c 1:3 rwm", "c 1:5 r" all the rest
> +
> +but not it'll be possible to add new entries to B:
"but now" ?
> + # echo "c 2:3 rwm" >B/devices.allow
> + # echo "c 50:3 r" >B/devices.allow
> +or even
> + # echo "c *:3 rwm" >B/devices.allow
> +
> +4.1 Hierarchy (internal implementation)
> +
> +device cgroups is implemented internally using a behavior (ALLOW, DENY) and a
> +list of exceptions. The internal state is controlled using the same user
> +interface to preserve compatibility. A change in behavior (writing "a" to
... to preserve compatibility with the previous whitelist-only
implementation.
> +devices.deny or devices.allow) will be propagated down the hierarchy as well
"as well as" ?
> +new exceptions that will reduce the access to devices (an exception when
> +behavior is ALLOW). Each cgroup will have its local behavior and exception
> +list to keep track what was set by the user for that cgroup in specific. For
> +every propagated change, the effective rules will be built starting with
> +parent's rules and the locally set behavior and exceptions in case they still
> +apply, otherwise those will be lost.
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
WARNING: multiple messages have this Message-ID (diff)
From: "Serge E. Hallyn" <serge@hallyn.com>
To: aris@redhat.com
Cc: linux-kernel@vger.kernel.org, cgroups@vger.kernel.org,
Tejun Heo <tj@kernel.org>,
Serge Hallyn <serge.hallyn@canonical.com>
Subject: Re: [PATCH v4 9/9] devcg: propagate local changes down the hierarchy
Date: Wed, 30 Jan 2013 21:35:13 +0000 [thread overview]
Message-ID: <20130130213513.GG8507@mail.hallyn.com> (raw)
In-Reply-To: <20130130171102.390708521@napanee.usersys.redhat.com>
Quoting aris@redhat.com (aris@redhat.com):
Still looking over the code changes, but:
> static int devcgroup_access_write(struct cgroup *cgrp, struct cftype *cft,
> --- github.orig/Documentation/cgroups/devices.txt 2013-01-29 14:39:17.721843991 -0500
> +++ github/Documentation/cgroups/devices.txt 2013-01-30 10:03:30.536076528 -0500
> @@ -50,3 +50,69 @@ task to a new cgroup. (Again we'll prob
>
> A cgroup may not be granted more permissions than the cgroup's
> parent has.
> +
> +4. Hierarchy
> +
> +device cgroups maintain hierarchy by making sure never a cgroup has more
making sure a cgroup never has...
> +access permissions than its parent. Every time an entry is written to
> +a cgroup's devices.deny file, all its children will have that entry removed
> +from the the whitelist and all the locally set whitelist entries re-evaluated.
s/the the/their/
and
...whitelist entries will be re-evaluated.
> +In case one of the locally set whitelist entries would provide more access
> +than the cgroup's parent, it'll be removed from the whitelist.
> +
> +Example:
> + A
> + / \
> + B
> +
> + group behavior exceptions
> + A allow "b 8:* rwm", "c 116:1 rw"
> + B deny "c 1:3 rwm", "c 116:2 rwm", "b 3:* rwm"
> +
> +If a device is denied in group A:
> + # echo "c 116:* r" > A/devices.deny
> +it'll propagate down and after revalidating B's entries, the whitelist entry
> +"c 116:2 rwm" will be removed:
> +
> + group whitelist entries denied devices
> + A all "b 8:* rwm", "c 116:* rw"
> + B "c 1:3 rwm", "b 3:* rwm" all the rest
> +
> +In case parent behavior or exceptions change and local settings are not
> +allowed anymore, they'll be deleted.
> +
> +Notice that new whitelist entries will not be propagated:
> + A
> + / \
> + B
> +
> + group whitelist entries denied devices
> + A "c 1:3 rwm", "c 1:5 r" all the rest
> + B "c 1:3 rwm", "c 1:5 r" all the rest
> +
> +when adding "c *:3 rwm":
> + # echo "c *:3 rwm" >A/devices.allow
> +
> +the result:
> + group whitelist entries denied devices
> + A "c *:3 rwm", "c 1:5 r" all the rest
> + B "c 1:3 rwm", "c 1:5 r" all the rest
> +
> +but not it'll be possible to add new entries to B:
"but now" ?
> + # echo "c 2:3 rwm" >B/devices.allow
> + # echo "c 50:3 r" >B/devices.allow
> +or even
> + # echo "c *:3 rwm" >B/devices.allow
> +
> +4.1 Hierarchy (internal implementation)
> +
> +device cgroups is implemented internally using a behavior (ALLOW, DENY) and a
> +list of exceptions. The internal state is controlled using the same user
> +interface to preserve compatibility. A change in behavior (writing "a" to
... to preserve compatibility with the previous whitelist-only
implementation.
> +devices.deny or devices.allow) will be propagated down the hierarchy as well
"as well as" ?
> +new exceptions that will reduce the access to devices (an exception when
> +behavior is ALLOW). Each cgroup will have its local behavior and exception
> +list to keep track what was set by the user for that cgroup in specific. For
> +every propagated change, the effective rules will be built starting with
> +parent's rules and the locally set behavior and exceptions in case they still
> +apply, otherwise those will be lost.
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2013-01-30 21:35 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-30 17:11 [PATCH v4 0/9] devcg: introduce proper hierarchy support aris
2013-01-30 17:11 ` [PATCH v4 1/9] device_cgroup: prepare exception list handling functions for two lists aris
[not found] ` <20130130171101.263587090-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 19:34 ` Serge E. Hallyn
2013-01-30 19:34 ` Serge E. Hallyn
2013-01-30 17:11 ` [PATCH v4 2/9] devcg: reorder device exception functions aris
[not found] ` <20130130171101.406627645-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 19:44 ` Serge E. Hallyn
2013-01-30 19:44 ` Serge E. Hallyn
2013-01-30 17:11 ` [PATCH v4 3/9] device_cgroup: keep track of local group settings aris-H+wXaHxf7aLQT0dZR+AlfA
2013-01-30 17:11 ` aris
[not found] ` <20130130171101.538945424-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 20:01 ` Serge E. Hallyn
2013-01-30 20:01 ` Serge E. Hallyn
2013-01-30 17:11 ` [PATCH v4 4/9] devcg: expand may_access() logic aris-H+wXaHxf7aLQT0dZR+AlfA
2013-01-30 17:11 ` aris
[not found] ` <20130130171101.690972553-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 20:09 ` Serge E. Hallyn
2013-01-30 20:09 ` Serge E. Hallyn
2013-01-30 17:11 ` [PATCH v4 5/9] devcg: prepare may_access() for hierarchy support aris
[not found] ` <20130130171101.812377398-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 20:30 ` Serge E. Hallyn
2013-01-30 20:30 ` Serge E. Hallyn
2013-01-30 17:11 ` [PATCH v4 6/9] devcg: use css_online and css_offline aris
[not found] ` <20130130171101.947461296-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 20:40 ` Serge E. Hallyn
2013-01-30 20:40 ` Serge E. Hallyn
2013-01-30 17:11 ` [PATCH v4 7/9] devcg: split single exception copy from dev_exceptions_copy() aris-H+wXaHxf7aLQT0dZR+AlfA
2013-01-30 17:11 ` aris
[not found] ` <20130130171102.108794435-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 20:42 ` Serge E. Hallyn
2013-01-30 20:42 ` Serge E. Hallyn
2013-01-30 17:11 ` [PATCH v4 8/9] devcg: refactor dev_exception_clean() aris-H+wXaHxf7aLQT0dZR+AlfA
2013-01-30 17:11 ` aris
2013-01-30 20:47 ` Serge E. Hallyn
[not found] ` <20130130204730.GF8507-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-01-30 20:49 ` Aristeu Rozanski
2013-01-30 20:49 ` Aristeu Rozanski
[not found] ` <20130130204917.GL17632-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-01-30 20:50 ` Tejun Heo
2013-01-30 20:50 ` Tejun Heo
[not found] ` <CAOS58YOHkK9xTBPFAXKksrwP7ZxQc_WuGOp39D94Z1pBsFHfjw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-01-31 2:15 ` Li Zefan
2013-01-31 2:15 ` Li Zefan
2013-01-31 15:13 ` Aristeu Rozanski
2013-01-31 15:13 ` Aristeu Rozanski
2013-01-30 17:11 ` [PATCH v4 9/9] devcg: propagate local changes down the hierarchy aris
[not found] ` <20130130171102.390708521-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2013-01-30 21:35 ` Serge E. Hallyn [this message]
2013-01-30 21:35 ` Serge E. Hallyn
2013-01-31 4:19 ` Serge E. Hallyn
2013-01-31 4:19 ` Serge E. Hallyn
[not found] ` <20130131041932.GB14576-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-01-31 22:00 ` Aristeu Rozanski
2013-01-31 22:00 ` Aristeu Rozanski
2013-01-31 4:38 ` Serge E. Hallyn
[not found] ` <20130131043839.GA14726-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-01-31 22:03 ` Aristeu Rozanski
2013-01-31 22:03 ` Aristeu Rozanski
2013-02-01 19:09 ` [PATCH v5 " Aristeu Rozanski
2013-02-01 19:09 ` Aristeu Rozanski
[not found] ` <20130201190958.GP17632-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-02-02 16:13 ` Serge E. Hallyn
2013-02-02 16:13 ` Serge E. Hallyn
[not found] ` <20130202161341.GA11284-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-02-04 15:03 ` Aristeu Rozanski
2013-02-04 15:03 ` Aristeu Rozanski
[not found] ` <20130204150307.GQ17632-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-02-04 15:17 ` Serge Hallyn
2013-02-04 15:17 ` Serge Hallyn
2013-02-02 16:20 ` Serge E. Hallyn
2013-02-02 16:20 ` Serge E. Hallyn
[not found] ` <20130202162052.GB11284-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-02-04 15:09 ` Aristeu Rozanski
2013-02-04 15:09 ` Aristeu Rozanski
2013-02-05 18:36 ` [PATCH v6 " Aristeu Rozanski
2013-02-05 18:36 ` Aristeu Rozanski
[not found] ` <20130205183646.GT17632-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-02-09 3:53 ` Serge E. Hallyn
2013-02-09 3:53 ` Serge E. Hallyn
[not found] ` <20130209035357.GA31122-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-02-11 14:30 ` Aristeu Rozanski
2013-02-11 14:30 ` Aristeu Rozanski
2013-02-09 4:04 ` Serge E. Hallyn
2013-02-09 4:04 ` Serge E. Hallyn
[not found] ` <20130209040402.GA31942-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-02-11 14:32 ` Aristeu Rozanski
2013-02-11 14:32 ` Aristeu Rozanski
2013-02-11 17:42 ` Serge E. Hallyn
[not found] ` <20130211174259.GA18179-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-02-11 18:38 ` Aristeu Rozanski
2013-02-11 18:38 ` Aristeu Rozanski
2013-02-11 18:52 ` Serge E. Hallyn
[not found] ` <20130211185239.GA18779-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-02-11 19:02 ` Aristeu Rozanski
2013-02-11 19:02 ` Aristeu Rozanski
[not found] ` <20130211190251.GH30962-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-02-11 20:47 ` Serge Hallyn
2013-02-11 20:47 ` Serge Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130130213513.GG8507@mail.hallyn.com \
--to=serge-a9i7lubdfnhqt0dzr+alfa@public.gmane.org \
--cc=aris-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org \
--cc=tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.