| > I started playing with this and noticed that even if I try to
| > enable read access to device [c, 1:3] it also grants access
| > to device [c, 1:5].
|
| Hm... I can't reproduce this:
|
| # /bin/echo 'c 1:3 r-' > /cnt/dev/0/devices.permissions
| # /bin/echo -n $$ > /cnt/dev/0/tasks
| # cat /cnt/dev/0/devices.permissions
| c 1:3 r-
| # hexdump /dev/null
| # hexdump /dev/zero
| hexdump: /dev/zero: No such device or address
| hexdump: /dev/zero: Bad file descriptor
|
| Maybe you have played with devs cgroups before getting this?
| Can you show what's the contents of the devices.permissions file
| in your case?
Here is the repro again. I even tried after a reboot. Basically,
granting access to /dev/null is also granting access to /dev/zero.
# cat devices.permissions
# hexdump /dev/zero
hexdump: /dev/zero: No such device or address
hexdump: /dev/zero: Bad file descriptor
# hexdump /dev/null
hexdump: /dev/null: No such device or address
hexdump: /dev/null: Bad file descriptor
# echo 'c 1:3 r-' > devices.permissions
# hexdump /dev/null
# hexdump /dev/zero
0000000 0000 0000 0000 0000 0000 0000 0000 0000
*
^C
# cat tasks
3279
22266
# ps
PID TTY TIME CMD
3279 pts/0 00:00:00 bash
22267 pts/0 00:00:00 ps
_______________________________________________
Containers mailing list
Containers@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
OpenVZ Forum
Members
Search
Help
Register
Login
Home
