[CRIU] [PATCH 4/5] cgroups: add support for c/r of the devices cgroup
Cyrill Gorcunov
gorcunov at gmail.com
Mon Jun 6 10:50:17 PDT 2016
On Mon, Jun 06, 2016 at 11:48:27AM -0600, Tycho Andersen wrote:
> >
> > IIRC, choosing device.allow or device.deny depends
> > on default stragegy. If it's "allow", then list
> > represent those which are not permitted to use
> > and reverse, no?
>
> devices.list is always a whitelist, and adding something to
> device.deny just removes it from devices.list (and from child cgroups'
> whitelists as well):
>
> root at smitten:/sys/fs/cgroup/devices/A# cat devices.list
> root at smitten:/sys/fs/cgroup/devices/A# echo "c 195:1 rw" > devices.allow
> root at smitten:/sys/fs/cgroup/devices/A# cat devices.list
> c 195:1 rw
> root at smitten:/sys/fs/cgroup/devices/A# echo "c 195:1 rw" > devices.deny
> root at smitten:/sys/fs/cgroup/devices/A# cat devices.list
> root at smitten:/sys/fs/cgroup/devices/A#
OK, great then!
More information about the CRIU
mailing list