[Devel] [vz7 PATCH 1/2] devcg: Move match_exception_partial before match_exception PSBM-144033

2022-12-16 Thread Nikolay Borisov
This is required as the latter would call the former in upcoming patches. Signed-off-by: Nikolay Borisov --- security/device_cgroup.c | 87 +--- 1 file changed, 46 insertions(+), 41 deletions(-) diff --git a/security/device_cgroup.c b/security/device_cgroup.c

[Devel] [vz7 PATCH 2/2] devcg: Allow wildcard exceptions in DENY child cgroups PSBM-144033

2022-12-16 Thread Nikolay Borisov
In containerized environments there arise cases where we might want to allow wildcard exceptions when the parent cg doesn't have such. This for example arises when systemd services are being set up in containers. In order to allow systemd to function we must allow it to write wildcard (i.e. b *:* rwm

[Devel] [PATCH vz7 v2] modules: calculate sysfs max path size at compile time to avoid static variable

2022-12-16 Thread Alexander Atanasov
in commit 3f1147ffecc3 ("ve/module: export sysfs dentries in containers") 2) Buffer for path is made static on the assumption that modules load and unload may happen from time to time and there is no need to allocate this buffer each time we need to expose or hide module sysfs dentries

[Devel] [PATCH vz9] modules: calculate sysfs max path size at compile time to avoid static variable

2022-12-16 Thread Alexander Atanasov
in commit 3f1147ffecc3 ("ve/module: export sysfs dentries in containers") (cherry-picked to vz9 commit 70ec52c1e0099e7c775cf9900619b7fca5fc6c1e) 2) Buffer for path is made static on the assumption that modules load and unload may happen from time to time and there is no need to allocate this