---

yaml --- r: 98720 b: refs/heads/master c: d823f6b h: refs/heads/master v: v3
git-mirror · Jul 4, 2008 · 08ed795 · 08ed795
1 parent 343d816
commit 08ed795
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 3 deletions.
diff --git a/[refs] b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 26ff8c697a2c8f6974c2357d3f01cca91b20c964
+refs/heads/master: d823f6bfec2844493c05961133895de21fa0e02d
diff --git a/trunk/Documentation/controllers/devices.txt b/trunk/Documentation/controllers/devices.txt
@@ -13,7 +13,7 @@ either an integer or * for all.  Access is a composition of r
 The root device cgroup starts with rwm to 'all'.  A child device
 cgroup gets a copy of the parent.  Administrators can then remove
 devices from the whitelist or add new entries.  A child cgroup can
-never receive a device access which is denied its parent.  However
+never receive a device access which is denied by its parent.  However
 when a device access is removed from a parent it will not also be
 removed from the child(ren).
 
@@ -29,7 +29,11 @@ allows cgroup 1 to read and mknod the device usually known as
 
 	echo a > /cgroups/1/devices.deny
 
-will remove the default 'a *:* mrw' entry.
+will remove the default 'a *:* rwm' entry. Doing
+
+	echo a > /cgroups/1/devices.allow
+
+will add the 'a *:* rwm' entry to the whitelist.
 
 3. Security
 

diff --git a/trunk/security/device_cgroup.c b/trunk/security/device_cgroup.c
@@ -382,6 +382,8 @@ static ssize_t devcgroup_access_write(struct cgroup *cgroup, struct cftype *cft,
 	case 'a':
 		wh.type = DEV_ALL;
 		wh.access = ACC_MASK;
+		wh.major = ~0;
+		wh.minor = ~0;
 		goto handle;
 	case 'b':
 		wh.type = DEV_BLOCK;