From mboxrd@z Thu Jan 1 00:00:00 1970
From: Zefan Li
Subject: Re: questions about cgroup devices
Date: Mon, 23 Jan 2017 15:35:33 +0800
Message-ID: <5885B245.2030901@huawei.com>
References:
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path:
In-Reply-To:
Sender: cgroups-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
List-ID:
Content-Type: text/plain; charset="us-ascii"
To: Ma Shimiao, "cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"

On 2017/1/23 15:16, Ma Shimiao wrote:
> Hi all,
>
> I think I met a problem about cgroup devices.
>
> The following is my detailed operations:
>
> # cd /sys/fs/cgroup/devices/
> # mkdir test
> # echo "c 1:3 rw" > test/devices.deny
> # cat test/devices.list
> a *:* rwm
>
> It seems my setting does not react in devices.list.
>
> But in another terminal, /dev/null is really limited to access.
> $ sudo cgexec -g devices:test dd if=/dev/zero of=/dev/null bs=1M count=128
> dd: failed to open '/dev/null': Operation not permitted
>
> So, is this a bug of cgroup devices?
>

It's not a bug. It's a feature introduced by commit ad676077a2ae4af4bb.

That said, I don't like this feature at all, because it's very confusing,
and obviously you are confused.
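
The behaviour discussed in this thread, as an added example that is not part of the original mail and is not kernel code: a simplified C model of the cgroup v1 devices controller, showing why `devices.list` still prints `a *:* rwm` after the write to `devices.deny` while opening `c 1:3` is refused. The struct and function names are hypothetical, and the model assumes exact major:minor matches with no wildcards and no hierarchy.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model (assumption): exact major:minor only, no wildcards/hierarchy. */
enum { ACC_R = 1, ACC_W = 2, ACC_M = 4 };
enum behavior { DEFAULT_ALLOW, DEFAULT_DENY };
struct exception { char type; int major, minor, access; };
struct devcg { enum behavior behavior; struct exception ex[8]; int n; };

/* In a default-allow group, a write to devices.deny records a deny exception. */
void devcg_deny(struct devcg *cg, char type, int major, int minor, int access)
{
    if (cg->behavior == DEFAULT_ALLOW && cg->n < 8)
        cg->ex[cg->n++] = (struct exception){ type, major, minor, access };
}

/* devices.list: default-allow prints only "a *:* rwm"; deny exceptions stay hidden. */
void devcg_list(const struct devcg *cg, char *out, size_t len)
{
    out[0] = '\0';
    if (cg->behavior == DEFAULT_ALLOW)
        snprintf(out, len, "a *:* rwm\n");
    for (int i = 0; cg->behavior == DEFAULT_DENY && i < cg->n; i++) {
        const struct exception *e = &cg->ex[i];
        snprintf(out + strlen(out), len - strlen(out), "%c %d:%d %s%s%s\n", e->type, e->major, e->minor,
                 e->access & ACC_R ? "r" : "", e->access & ACC_W ? "w" : "", e->access & ACC_M ? "m" : "");
    }
}

int devcg_may_access(const struct devcg *cg, char type, int major, int minor, int access)
{
    for (int i = 0; i < cg->n; i++) {
        const struct exception *e = &cg->ex[i];
        int hit = e->type == type && e->major == major && e->minor == minor;
        if (hit && cg->behavior == DEFAULT_ALLOW && (e->access & access))
            return 0;   /* refused: request overlaps a deny exception */
        if (hit && cg->behavior == DEFAULT_DENY && !(access & ~e->access))
            return 1;   /* permitted: fully covered by an allow exception */
    }
    return cg->behavior == DEFAULT_ALLOW;   /* no matching exception: use the default */
}

int main(void)
{
    struct devcg cg = { .behavior = DEFAULT_ALLOW };
    char buf[64];
    devcg_deny(&cg, 'c', 1, 3, ACC_R | ACC_W);   /* echo "c 1:3 rw" > devices.deny */
    devcg_list(&cg, buf, sizeof buf);
    printf("%s/dev/null write allowed: %d\n", buf, devcg_may_access(&cg, 'c', 1, 3, ACC_W));
    return 0;
}
```

When auditing a container's device policy, the practical consequence is that `a *:* rwm` in `devices.list` only says the group is in default-allow mode; which devices are denied has to be established by testing access from inside the group.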