[Devel] [PATCH vz10 v5 0/2] cgroup/devices: Fix missing permission
Aleksei Oladko
aleksey.oladko at virtuozzo.com
Thu Nov 20 15:44:10 MSK 2025
This fixes an issue in the cgroup device controller where device access
checks were not enforced if the cgroup filesystem was already mounted
before. As a result, processes could bypass device access
restrictions.

Aleksei Oladko (2):
  fs: allow non-init s_user_ns for filesystems with FS_VE_MOUNT
  fs: enforce cgroup permissions for bdevs on mount

 block/blk.h            |  1 -
 drivers/mtd/mtdsuper.c |  2 +-
 fs/super.c             | 26 +++++++++++++++++++++++---
 include/linux/blkdev.h |  1 +
 include/linux/fs.h     |  1 +
 5 files changed, 26 insertions(+), 5 deletions(-)

--
2.43.0