local exceptions, the exception
"c 116:2 rwm" will be removed.
The local preferences will be kept and applied when allowed by its parent.
Cc: Tejun Heo
Cc: Serge Hallyn
Signed-off-by: Aristeu Rozanski
---
security/device_cgroup.c | 215 +++
In the following patches, device_cgroup structure will have two sets of
behavior and exceptions list (actual one, another with the local settings)
so rework the functions to use exception list, not a device_cgroup.
Cc: Tejun Heo
Cc: Serge Hallyn
Signed-off-by: Aristeu Rozanski
---
security
In order to revalidate local exceptions for the hierarchy change propagation,
make may_access() stronger.
Cc: Tejun Heo
Cc: Serge Hallyn
Signed-off-by: Aristeu Rozanski
---
security/device_cgroup.c | 36
1 file changed, 24 insertions(+), 12 deletions
This patchset implements device cgroup hierarchy. Behaviors and exceptions
will be propagated down in the tree and local preferences will be re-evaluated
every time a change in its parent occurs, reapplying them if it's still
possible.
Cc: Tejun Heo
Cc: Serge Hallyn
Signed-off-by: Ar
Cc: Tejun Heo
Cc: Serge Hallyn
Signed-off-by: Aristeu Rozanski
---
security/device_cgroup.c |4
1 file changed, 4 insertions(+)
Index: github/security/device_cgroup.c
===
--- github.orig/security/device_cgroup.c
In preparation for better hierarchy support, it's needed to retain the local
settings in order to try to reapply them after a propagated change if they're
still valid.
Cc: Tejun Heo
Cc: Serge Hallyn
Signed-off-by: Aristeu Rozanski
---
security/device_cgrou
On Thu, Nov 29, 2012 at 07:29:45PM +, Serge E. Hallyn wrote:
> Quoting Aristeu Rozanski (a...@redhat.com):
> > In preparation for better hierarchy support, it's needed to retain the local
> > settings in order to try to reapply them after a propagated change if
> >
On Thu, Nov 29, 2012 at 07:29:45PM +, Serge E. Hallyn wrote:
> thanks for doing this. I've got one concern though. I don't see
> any place where devcgroup_create() was updated to create the
> local exceptions list. I think we need a guarantee that at
> any time the local exceptions list will
On Thu, Nov 29, 2012 at 08:26:08PM +, Serge E. Hallyn wrote:
> Quoting Aristeu Rozanski (a...@redhat.com):
> > I see your point. it's indeed a problem. in dev_exception_add(), it
> > needs to check for permissions before actually adding to
> > devcgroup->excepti
On Sat, Feb 02, 2013 at 04:13:41PM +, Serge E. Hallyn wrote:
> Quoting Aristeu Rozanski (a...@redhat.com):
> > +static int propagate_behavior(struct dev_cgroup *devcg_root)
> > +{
> > + struct cgroup *root = devcg_root->css.cgroup;
> > + struct dev_cgroup *par
On Sat, Feb 02, 2013 at 04:20:52PM +, Serge E. Hallyn wrote:
> Quoting Aristeu Rozanski (a...@redhat.com):
> > +static int propagate_exception(struct dev_cgroup *devcg_root)
> > +{
> > + struct cgroup *root = devcg_root->css.cgroup;
> > + struct de
by Tejun Heo
- instead of keeping the local settings that won't apply anymore, remove them
Acked-by: Tejun Heo
Cc: Tejun Heo
Cc: Serge Hallyn
Signed-off-by: Aristeu Rozanski
---
Documentation/cgroups/devices.txt | 67 +++
security/device_cgroup.c | 228 +
On Sat, Feb 09, 2013 at 04:04:02AM +, Serge E. Hallyn wrote:
> Quoting Aristeu Rozanski (a...@redhat.com):
> > devcg: propagate local changes down the hierarchy
> >
> > This patch makes all changes propagate down in hierarchy respecting when
> > po
On Sat, Feb 09, 2013 at 03:53:57AM +, Serge E. Hallyn wrote:
> Quoting Aristeu Rozanski (a...@redhat.com):
>
> Thanks, Aristeu. I'm sorry it feels like I'm just trying to give you a
> hard time, I'm really not :)
no worries on that, it's important this is
On Mon, Feb 11, 2013 at 05:42:59PM +, Serge E. Hallyn wrote:
> Note I said only forbid behavior changes - not exception changes - to
> cgroups with children.
that won't do much. behavior change is the simplest: if you change a
behavior, you wipe the local exceptions unless the special (deny, d
On Mon, Feb 11, 2013 at 06:52:39PM +, Serge E. Hallyn wrote:
> > getting rid of local settings would buy more simplicity
>
> (Not sure which you mean here by 'getting rid of local settings')
no local.{behavior,exceptions}, which still would allow behavior
propagation, but simply wouldn't keep
> > so rework the functions to use exception list, not a device_cgroup.
> >
> > Cc: Tejun Heo
> > Cc: Serge Hallyn
> > Signed-off-by: Aristeu Rozanski
>
> Acked-by: Tejun Heo
>
> Can you please keep acks across postings? That makes it a bit easier
>
On Tue, Jan 29, 2013 at 12:35:00PM -0800, Tejun Heo wrote:
> Generally looks good to me although I haven't really delved into the
> behavior (you're gonna be there for the fallouts, right?). Just some
> minor comments.
yes, I'll.
> > +static int propagate_behavior(struct dev_cgroup *devcg_root)
On Wed, Jan 30, 2013 at 05:41:40PM +, Serge E. Hallyn wrote:
> Quoting a...@redhat.com (a...@redhat.com):
> > In the following patches, device_cgroup structure will have two sets of
> > behavior and exceptions list (actual one, another with the local settings)
> > so rework the functions to use
On Wed, Jan 30, 2013 at 08:47:30PM +, Serge E. Hallyn wrote:
> Quoting a...@redhat.com (a...@redhat.com):
> > -
> > - if (rc)
> > - return rc;
>
> Was this intentional?
>
> I see that you next add
>
> rc = propagate_behavior(devcgroup);
>
>
On Wed, Jan 30, 2013 at 12:50:38PM -0800, Tejun Heo wrote:
> On Wed, Jan 30, 2013 at 12:49 PM, Aristeu Rozanski > that's not
> intentional. thanks for catching this
> >
> > Tejun, you want me to resubmit the whole series or just the next patch
> > (where I was suppo
On Thu, Jan 31, 2013 at 04:19:32AM +, Serge E. Hallyn wrote:
> Quoting a...@redhat.com (a...@redhat.com):
> > +/**
> > + * propagate_behavior - propagates a change in the behavior down in
> > hierarchy
> > + * @devcg_root: device cgroup that changed behavior
> > + *
> > + * returns: 0 in case
Hi Serge,
On Thu, Jan 31, 2013 at 04:38:39AM +, Serge E. Hallyn wrote:
> > @@ -610,9 +770,14 @@case '\0':
> > */
> > if (devcgroup->behavior == DEVCG_DEFAULT_ALLOW) {
> > dev_exception_rm(devcgroup, &ex);
> > - retur
online/css_offline changes to a new patch
- use cgroup_for_each_descendant_pre() instead of own descendant walk
- move exception_copy rework to a separated patch
- move exception_clean rework to a separated patch
v2:
- instead of keeping the local settings that won't apply anymore, remo
lision detection allowing any
order to be used.
v2: improved the patch description as requested by Andrew
Cc: Andrew Morton
Cc: "Eric W. Biederman"
Cc: "Serge E. Hallyn"
Cc: linux-security-mod...@vger.kernel.org
Signed-off-by: Aristeu Rozanski
diff --git a/kernel
On Thu, Jan 24, 2013 at 04:46:12PM -0800, Andrew Morton wrote:
> eek, a macro! Macros are always bad.
>
> This one is bad because
>
> a) it's a macro
>
> b) it evaluates its args multiple times and hence will cause nasty
>bugs if called with expressions-with-side-effects.
>
> c) it evaluat
On Fri, Jan 25, 2013 at 06:31:37PM -0800, Eric W. Biederman wrote:
> Aritsteu after looking at both my version and yours I am going with
one extra t.
> mine. While my code is a little wordier I have half the number of
> comparisons your code does, and I took the time to kill the variable
> intro
On Fri, Jan 25, 2013 at 06:21:00PM -0800, Eric W. Biederman wrote:
> When I initially wrote the code for /proc//uid_map. I was lazy
> and avoided duplicate mappings by the simple expedient of ensuring the
> first number in a new extent was greater than any number in the
> previous extent.
>
> Unf
On Mon, Jan 28, 2013 at 06:41:39PM +0400, Lord Glauber Costa of Sealand wrote:
> Hello Mr. Someone.
>
> On 01/28/2013 06:28 PM, Aristeu Rozanski wrote:
> > On Fri, Jan 25, 2013 at 06:21:00PM -0800, Eric W. Biederman wrote:
> >> When I initially wrote the code for /pr
On Tue, Feb 19, 2013 at 09:12:08PM +, Serge E. Hallyn wrote:
> Quoting Aristeu Rozanski (a...@redhat.com):
> > + } else {
> > + /*
> > +* in the other possible cases:
> > +* root'
Hi Tejun,
On Tue, Feb 19, 2013 at 04:20:16PM -0500, Aristeu Rozanski wrote:
> On Tue, Feb 19, 2013 at 09:12:08PM +, Serge E. Hallyn wrote:
> > Quoting Aristeu Rozanski (a...@redhat.com):
> > > + } else {
> > > + /*
> > > +
This patch converts the code to use kstrtou32() instead of simple_strtoul()
which is deprecated. The real size of the variables are u32, so use kstrtou32
instead of kstrtoul
Signed-off-by: Aristeu Rozanski
---
security/device_cgroup.c | 28 ++--
1 file changed, 22
Cc: James Morris
Cc: Pavel Emelyanov
Cc: Serge Hallyn
Signed-off-by: Aristeu Rozanski
---
security/device_cgroup.c |8
1 file changed, 8 insertions(+)
Index: github/security/device_cgroup.c
===
--- github.orig
.
Cc: Tejun Heo
Cc: Li Zefan
Cc: James Morris
Cc: Pavel Emelyanov
Cc: Serge Hallyn
Signed-off-by: Aristeu Rozanski
---
Documentation/cgroups/devices.txt | 73 --
security/device_cgroup.c | 63 +++-
2 files cha
This function cleans all the items in a whitelist and will be used by the next
patches.
v2:
- no changes
Cc: Tejun Heo
Cc: Li Zefan
Cc: James Morris
Cc: Pavel Emelyanov
Cc: Serge Hallyn
Signed-off-by: Aristeu Rozanski
---
security/device_cgroup.c | 22 +-
1 file
The original model of device_cgroup is having a whitelist where all the
allowed devices are listed. The problem with this approach is that it is
impossible to have the case of allowing everything but few devices.
The reason for that lies in the way the whitelist is handled internally:
since there's o
This patch replaces the "whitelist" usage in the code and comments and replace
them by exception list related information.
v2:
- fix checkpatch warnings
Cc: Tejun Heo
Cc: Li Zefan
Cc: James Morris
Cc: Pavel Emelyanov
Cc: Serge Hallyn
Signed-off-by: Aristeu Rozanski
---
e to use behavior instead of deny_all
Cc: Tejun Heo
Cc: Li Zefan
Cc: James Morris
Cc: Pavel Emelyanov
Cc: Serge Hallyn
Signed-off-by: Aristeu Rozanski
---
security/device_cgroup.c | 228 +++
1 file changed, 132 insertions(+), 96 deletio
v2: update cgroups.txt instead of creating a new file
Cc: Li Zefan
Cc: Tejun Heo
Cc: Hugh Dickins
Cc: Hillf Danton
Cc: Lennart Poettering
Signed-off-by: Aristeu Rozanski
---
Documentation/cgroups/cgroups.txt | 24 ++--
1 file changed, 22 insertions(+), 2 deletions
ering
Signed-off-by: Aristeu Rozanski
--
Aristeu
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
v2: add function documentation instead of adding a separate file under
Documentation/
Cc: Li Zefan
Cc: Tejun Heo
Cc: Hugh Dickins
Cc: Hillf Danton
Cc: Lennart Poettering
Signed-off-by: Aristeu Rozanski
---
fs/xattr.c | 18 --
1 file changed, 16 insertions(+), 2
Hi Tejun,
On Tue, Sep 11, 2012 at 11:23:56AM -0700, Tejun Heo wrote:
> + /* we're fully hierarchical iff root uses hierarchy */
minor nit: s/iff/if/
--
Aristeu
On Thu, Sep 13, 2012 at 11:11:24AM -0700, Tejun Heo wrote:
> Updated the patch in place accordingly. Thanks.
>
> From 4895768b6aab55bbdbebcf2da090cb1a5ccf5463 Mon Sep 17 00:00:00 2001
> From: Aristeu Rozanski
> Date: Tue, 11 Sep 2012 16:28:11 -0400
> Subject: [PATC
, dev_t dev)
> {
> - struct dev_cgroup *dev_cgroup = task_devcgroup(current);
> short type;
>
> if (!S_ISBLK(mode) && !S_ISCHR(mode))
> @@ -578,7 +577,7 @@ int devcgroup_inode_mknod(int mode, dev_t dev)
> else
> type = DEV_CHAR;
>
> - return __devcgroup_check_perm
Tejun,
On Thu, Sep 13, 2012 at 01:58:27PM -0700, Tejun Heo wrote:
> memcg can be handled by memcg people and I can handle cgroup_freezer
> and others with help from the authors. The problematic one is
> blkio. If anyone is interested in working on blkio, please be my
> guest. Vivek? Gla
Sasha,
On Fri, Sep 14, 2012 at 09:35:53PM +0200, Sasha Levin wrote:
> This reverts commit 0142145ddb1d6c841be4eae2c7a32dd18ad34b24.
>
> Short version:
>
> Not initializing 'new_xattr' at the beginning of __simple_xattr_set() may
> lead to
> dereferencing it later on in the function.
>
>
> Lon
On Fri, Sep 14, 2012 at 01:55:55PM -0700, Tejun Heo wrote:
> On Fri, Sep 14, 2012 at 01:54:34PM -0700, Tejun Heo wrote:
> > On Fri, Sep 14, 2012 at 09:35:54PM +0200, Sasha Levin wrote:
> > > Prevent warnings generated by smatch due to unchecked dereference of
> > > 'new_xattr' in __simple_xattr_set
On Tue, Oct 23, 2012 at 02:50:48PM +0200, Jiri Slaby wrote:
> No, I'm *not* the author of the patch... Or at least I don't remember
> :P. Where did you take it from?
<1347615612-11450-1-git-send-email-jsl...@suse.cz>
Date: Fri, 14 Sep 2012 11:40:12 +0200
you didn't include a "From:" on your emai
The way this function was written is confusing and already caused problems.
Rewriting it to be easier to understand and maintain.
Cc: Tejun Heo
Cc: Li Zefan
Cc: Al Viro
Signed-off-by: Aristeu Rozanski
---
fs/xattr.c | 124 +
1
On Thu, Oct 25, 2012 at 10:33:26AM -0700, Tejun Heo wrote:
> On Thu, Oct 25, 2012 at 11:26:14AM -0400, Aristeu Rozanski wrote:
> > - return err;
> >
> > + return 1;
> > +}
>
> So, it returns 0 on success and 1 on failure, which in itself isn't a
> pa
On Thu, Oct 25, 2012 at 10:59:35AM -0700, Tejun Heo wrote:
> On Thu, Oct 25, 2012 at 10:54 AM, Aristeu Rozanski wrote:
> >> So, it returns 0 on success and 1 on failure, which in itself isn't a
> >> particularly good idea.
> >
> > you mean it should return
The way this function was written is confusing and already caused problems.
Rewriting it to be easier to understand and maintain.
v2:
- fix error return value in __simple_xattr_remove() (pointed by Tejun Heo)
Cc: Hugh Dickins
Cc: Tejun Heo
Cc: Li Zefan
Cc: Al Viro
Signed-off-by: Aristeu
rew, Tejun, this patch needs to make Linus tree ASAP or a revert for
4cef7299b4786879a3e113e84084a72b24590c5b.
Cc: Andrew Morton
Cc: Tejun Heo
Cc: Li Zefan
Cc: James Morris
Cc: Pavel Emelyanov
Cc: Serge Hallyn
Cc: Jiri Slaby
Signed-off-by: Aristeu Rozanski
--- github.orig/security/devic
On Wed, Oct 31, 2012 at 04:35:01PM -0700, Andrew Morton wrote:
> On Wed, 31 Oct 2012 12:04:30 -0400
> Aristeu Rozanski wrote:
>
> > In 4cef7299b4786879a3e113e84084a72b24590c5b the cgroup parent usage is
> > unchecked. root will not have a parent and trying to use
> >
c: "Eric W. Biederman"
Cc: Al Viro
Signed-off-by: Aristeu Rozanski
diff --git a/fs/coredump.c b/fs/coredump.c
index ce47379..fa14ea1 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -455,6 +455,19 @@ static int umh_pipe_setup(struct subprocess_info *info,
struct cred *new)
On Mon, Nov 05, 2012 at 11:34:26AM -0800, Eric W. Biederman wrote:
> I would argue that you very much need to define what it means to have a
> per container core dump at the same time as you argue this.
>
> Nacked-by: "Eric W. Biederman"
>
> Running in a namespace different than whoever set the
Hi Eric,
On Wed, Jul 25, 2012 at 04:14:41PM -0700, Eric W. Biederman wrote:
> Sorry no. I have unfortunately been a bit out of it for the last few
> weeks and I have patches to address this already in my development tree.
what's the tree you're using for development? ebiederm/user-namespace.git a
On Thu, Jul 26, 2012 at 10:24:41AM -0700, Eric W. Biederman wrote:
> Please see my userns-always-map-user-v41 branch.
d'oh. thanks Eric
--
Aristeu
Cc: Li Zefan
Cc: Tejun Heo
Cc: Hugh Dickins
Cc: Hillf Danton
Cc: Lennart Poettering
Signed-off-by: Aristeu Rozanski
---
Documentation/filesystems/00-INDEX |3 ++
Documentation/filesystems/simple_xattr.txt | 42 +
2 files changed, 45 insertions
cgroups: add documentation on extended attributes and simple_xattr functions
These patches add documentation on the new functions and current specific
cgroup usage.
Cc: Li Zefan
Cc: Tejun Heo
Cc: Hugh Dickins
Cc: Hillf Danton
Cc: Lennart Poettering
Signed-off-by: Aristeu Rozanski
Cc: Li Zefan
Cc: Tejun Heo
Cc: Hugh Dickins
Cc: Hillf Danton
Cc: Lennart Poettering
Signed-off-by: Aristeu Rozanski
---
Documentation/cgroups/00-INDEX |2 ++
Documentation/cgroups/xattr.txt | 21 +
2 files changed, 23 insertions(+)
--- a/Documentation/cgroups
Hi Dave,
On Fri, Oct 05, 2012 at 05:59:29PM -0400, Dave Jones wrote:
> On boot in Linus' current tree..
>
>
> ===
> [ INFO: suspicious RCU usage. ]
> 3.6.0+ #22 Not tainted
> ---
> include/linux/cgroup.h:566 suspicious rcu_dereference_check(
On Mon, Dec 03, 2012 at 09:44:14AM -0800, Tejun Heo wrote:
> I kinda dislike this. This isn't a performance critical path where we
> must try our best to shave off a few condition checks. There's no
> reason to encode the test like this. Please just spell the conditions
> out in code rather than
On Mon, Dec 03, 2012 at 06:01:25PM +, Serge E. Hallyn wrote:
> First, generally, I don't think 'allows' added to parent should be
> automatically propagated to descendents.
that's what I think too and what I tried to do
> In devcgroup_update_access: (around line 625)
> there is a perio
On Mon, Dec 03, 2012 at 10:01:45AM -0800, Tejun Heo wrote:
> On Tue, Nov 27, 2012 at 02:35:06PM -0500, Aristeu Rozanski wrote:
> > This patch makes all changes propagate down in hierarchy respecting when
> > possible local configurations.
> >
> > Behavior changes will
On Wed, Oct 17, 2012 at 12:26:23PM -0400, Dave Jones wrote:
> On Fri, Oct 05, 2012 at 06:06:12PM -0400, Aristeu Rozanski wrote:
> > Hi Dave,
> > On Fri, Oct 05, 2012 at 05:59:29PM -0400, Dave Jones wrote:
> > > On boo
ttr;
> - struct simple_xattr *uninitialized_var(new_xattr);
> + struct simple_xattr *new_xattr = NULL;
> int err = 0;
>
> /* value == NULL means remove */
I think Sasha Levin was working on that (Cc'd) along with the smatch fix.
Anyway, __simple_xattr_set
This was done in a v2 patch but v1 ended up being committed. The variable name
is less confusing and stores the default behavior when no matching exception
exists.
Cc: Dave Jones
Cc: Andrew Morton
Cc: Tejun Heo
Cc: Li Zefan
Cc: James Morris
Cc: Pavel Emelyanov
Cc: Serge Hallyn
Signed-off-b
Before changing a group's default behavior to ALLOW, we must check if its
parent's behavior is also ALLOW.
Cc: Tejun Heo
Cc: Li Zefan
Cc: James Morris
Cc: Pavel Emelyanov
Cc: Serge Hallyn
Signed-off-by: Aristeu Rozanski
---
security/device_cgroup.c | 19 +
This patch converts the code to use kstrtou32() instead of simple_strtoul()
which is deprecated. The real size of the variables are u32, so use kstrtou32
instead of kstrtoul
Cc: Dave Jones
Cc: Andrew Morton
Cc: Tejun Heo
Cc: Li Zefan
Cc: James Morris
Cc: Pavel Emelyanov
Cc: Serge Hallyn
Si
changed, 61 insertions(+), 26 deletions(-)
Cc: Dave Jones
Cc: Andrew Morton
Cc: Tejun Heo
Cc: Li Zefan
Cc: James Morris
Cc: Pavel Emelyanov
Cc: Serge Hallyn
Signed-off-by: Aristeu Rozanski
--
Aristeu
On Fri, Oct 19, 2012 at 11:45:06PM +0200, Jiri Slaby wrote:
> > Signed-off-by: Jiri Slaby
>
> R U sure?^^^
> As I don't remember myself ever seeing this patch...
> Maybe I should start smoking some crap to refresh my memory?
argh, sorry. wanted to include everyone
changed, 61 insertions(+), 26 deletions(-)
Cc: Dave Jones
Cc: Andrew Morton
Cc: Tejun Heo
Cc: Li Zefan
Cc: James Morris
Cc: Pavel Emelyanov
Cc: Serge Hallyn
Cc: Jiri Slaby
Signed-off-by: Aristeu Rozanski
--
Aristeu
Cc: Jiri Slaby
Signed-off-by: Aristeu Rozanski
---
security/device_cgroup.c | 28 ++--
1 file changed, 22 insertions(+), 6 deletions(-)
--- github.orig/security/device_cgroup.c2012-10-19 16:35:46.366102913
-0400
+++ github/security/device_cgroup.c 2012-10
Before changing a group's default behavior to ALLOW, we must check if its
parent's behavior is also ALLOW.
Cc: Tejun Heo
Cc: Li Zefan
Cc: James Morris
Cc: Pavel Emelyanov
Cc: Serge Hallyn
Cc: Jiri Slaby
Signed-off-by: Aristeu Rozanski
---
security/device_cgrou
From: Jiri Slaby
Commit "device_cgroup: convert device_cgroup internally to policy +
exceptions" removed rcu locks which are needed in task_devcgroup
called in this chain: devcgroup_inode_mknod OR
__devcgroup_inode_permission -> __devcgroup_inode_permission ->
task_devcgroup -> task_subsys_state
Slaby
Signed-off-by: Aristeu Rozanski
---
security/device_cgroup.c | 25 ++---
1 file changed, 14 insertions(+), 11 deletions(-)
--- github.orig/security/device_cgroup.c2012-10-19 16:35:37.936804289
-0400
+++ github/security/device_cgroup.c 2012-10-19 16:35
Hi Andrew,
On Mon, Oct 22, 2012 at 12:58:38PM -0700, Andrew Morton wrote:
> On Mon, 22 Oct 2012 09:45:36 -0400
> Aristeu Rozanski wrote:
>
> > This patchset rebases the v2 of the patchset since the v1 was pushed into
> > -rc1
> > instead. The last patch, not present
On Tue, Apr 16, 2013 at 11:24:55PM +0300, Rami Rosen wrote:
> In devcgroup_css_alloc(), there is no longer need for parent_cgroup.
> bd2953ebbb("devcg: propagate local changes down the hierarchy") made
> the variable parent_cgroup redundant. This patch removes parent_cgroup
> from devcgroup_css_all
On Tue, Apr 16, 2013 at 04:07:25PM -0500, Serge Hallyn wrote:
> Quoting Aristeu Rozanski (a...@redhat.com):
> > On Tue, Apr 16, 2013 at 11:24:55PM +0300, Rami Rosen wrote:
> > > In devcgroup_css_alloc(), there is no longer need for parent_cgroup.
> > > bd2953ebbb("
On Wed, Jun 19, 2013 at 09:53:32AM +0800, Gao feng wrote:
> This patchset is first part of namespace support for audit.
> in this patchset, the mainly resources of audit system have
> been isolated. the audit filter, rules haven't been isolated
> now. It will be implemented in Part2. We finished the
On Thu, Jun 20, 2013 at 03:01:09PM -0700, Eric W. Biederman wrote:
> Gao feng writes:
>
> > On 06/20/2013 11:02 AM, Gao feng wrote:
> >> If we don't tie audit to user namespace, there is still one problem.
> >
> > One more problem. some audit messages are generated by some net subsystem
> > such
nel/cgroup.c::offline_css(), unnecessary open coded css
> dereference is replaced with local variable access.
>
> This patch shouldn't cause any behavior differences.
looks fine on device_cgroup.c bit
Acked-by: Aristeu Rozanski
--
Aristeu
any user left. Removed.
>
> * hugetlb: hugetlb_cgroup_form_cgroup() doesn't have any user left.
> Removed.
>
> * net_cls: cgrp_cls_state() doesn't have any user left. Removed.
Also looks good on devcg part
Acked-by: Aristeu Rozanski
--
Aristeu
ed.
>
> * devices: cgroup_to_devcgroup() is no longer used. Removed.
Acked-by: Aristeu Rozanski
--
Aristeu
dling before or after, it's moved inside the
> iteration. If not, if (pos == origin) continue; is added. Some
> conversions add extra reference get/put around origin handling by
> consolidating origin handling and the rest. While the extra ref
> operations aren't strictly
On Tue, May 14, 2013 at 10:05:39AM -0500, Serge Hallyn wrote:
> so now that the device cgroup properly respects hierarchy, not allowing
> a cgroup to be given greater permission than its parent, should we consider
> relaxing the capability checks?
>
> There are two capable(CAP_SYS_ADMIN) checks in
ted proper hierarchy support. Remove the broken tag.
>
> Signed-off-by: Tejun Heo
> Cc: Aristeu Rozanski
> ---
> Applying to cgroup/for-3.10.
looks good, thanks Tejun
Acked-by: Aristeu Rozanski
--
Aristeu
On Tue, May 07, 2013 at 10:20:30AM +0800, Gao feng wrote:
> diff --git a/include/linux/audit.h b/include/linux/audit.h
> index 684599b..33e6584 100644
> --- a/include/linux/audit.h
> +++ b/include/linux/audit.h
> @@ -441,7 +441,8 @@ extern int audit_filter_type(int type);
> extern int audit_recei
On Mon, Aug 20, 2012 at 09:47:15PM -0700, Hugh Dickins wrote:
> On Mon, 20 Aug 2012, Aristeu Rozanski wrote:
> > On Mon, Aug 20, 2012 at 12:10:09AM -0700, Hugh Dickins wrote:
> > > Yes, it looks nice to me. I might have preferred more as inlines in
> > > the header fi
On Wed, Aug 22, 2012 at 01:25:06PM -0700, Hugh Dickins wrote:
> > > Probably more important would be to remove spin_lock() and spin_unlock()
> > > (and INIT_LIST_HEAD) from simple_xattrs_free() - those are unnecessary
> > > in shmem_evict_inode(), and wouldn't they be unnecessary whenever
> > > sim
On Thu, Aug 23, 2012 at 12:44:23PM -0700, Tejun Heo wrote:
> Hello, Hugh.
>
> On Tue, Aug 21, 2012 at 04:29:53PM -0700, Hugh Dickins wrote:
> > Are we expecting Aristeu+Zefan's simple_xattr patches to go into 3.7?
>
> Yeah, probably.
>
> > I don't have anything planned for shmem.c for 3.7 beyond
On Thu, Aug 23, 2012 at 04:14:24PM -0700, Hugh Dickins wrote:
> I'm also happy to see that you're now using simple_xattr_alloc() in
> __simple_xattr_set() (but no need to respin to comment on that here).
>
> It looks very nice: much better for this code to live in fs/xattr.c
> than in mm/shmem.c.
Hi Tejun,
On Fri, Aug 24, 2012 at 03:58:39PM -0700, Tejun Heo wrote:
> On Thu, Aug 23, 2012 at 04:53:27PM -0400, a...@redhat.com wrote:
> > This series are a refreshed version of a patchset submitted by Li Zefan back
> > in march:
> > https://lkml.org/lkml/2012/3/1/13
>
> Applied to cgroup/for
On Sun, Sep 16, 2012 at 09:19:17AM +0100, James Bottomley wrote:
> On Fri, 2012-09-14 at 14:36 -0400, Aristeu Rozanski wrote:
> > also, heard about the desire of having a device namespace instead with
> > support for translation ("sda" -> "sdf"). If anyone see
(Added Lennart to the discussion so he can help explaining how systemd will
use the xattrs)
On Fri, Jul 20, 2012 at 11:04:59AM -0700, Tejun Heo wrote:
> Hello, Hugh, Aristeu.
>
> On Fri, Jul 20, 2012 at 01:59:59PM -0400, Aristeu Rozanski wrote:
> > hm, not sure that's wha
Hugh,
On Wed, Jul 18, 2012 at 06:11:32PM -0700, Hugh Dickins wrote:
> > But why do we need something completely new? Can't we hijack some
> > inodes used by tmpfs and use them for xattr storage? ie. Would it be
> > difficult to use tmpfs as backend storage for on-memory xattr? With
> > that, we
On Sun, Jul 22, 2012 at 12:12:07PM -0700, Hugh Dickins wrote:
> Please, do not do this.
>
> It may be fun to implement, but not to review and maintain.
>
> If we're going to start supporting swappable kernel memory, tmpfs
> xattrs is not the right place to start, and libfs xattrs certainly not:
>
On Tue, Jul 24, 2012 at 11:28:09AM -0700, Tejun Heo wrote:
> On Mon, Jul 23, 2012 at 02:12:52PM -0400, Aristeu Rozanski wrote:
> > > Will "lsattr -R" in the cgroupfs mountpoint do enough to judge how
> > > much memory is being used in this way? I expect not, but I
Hi Eric,
On Wed, Jul 11, 2012 at 03:01:17PM -0400, Aristeu Rozanski wrote:
> Hi,
> this patchset converts 9p, ADFS, AFFS, AFS and autofs4 to use kuid and kgid.
> I plan to work on the other pending filesystems too but wanted some feedback
> on the first ones first.
had any chance to l