On Tue, Jan 29, 2013 at 02:08:04PM -0500, aris@xxxxxxxxxx wrote:
> Currently may_access() is only able to verify if an exception is valid for the > current cgroup, which has the same behavior. With hierarchy, it'll be also used > to verify if a cgroup local exception is valid towards its cgroup parent, which > might have different behavior. > > v2: > - updated patch description > - rebased on top of a new patch to expand the may_access() logic to make it > more clear > - fixed argument description order in may_access() > > Cc: Tejun Heo <tj@xxxxxxxxxx> > Cc: Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx> > Signed-off-by: Aristeu Rozanski <aris@xxxxxxxxxx> > > --- > security/device_cgroup.c | 44 +++++++++++++++++++++++++++----------------- > 1 file changed, 27 insertions(+), 17 deletions(-) > > --- github.orig/security/device_cgroup.c 2013-01-29 11:49:15.514669057 -0500 > +++ github/security/device_cgroup.c 2013-01-29 11:49:15.795673240 -0500 > @@ -354,9 +354,11 @@ return 0; > * verify if a certain access is allowed. > * @dev_cgroup: dev cgroup to be tested against > * @refex: new exception > + * @behavior: behavior of the exception > */ > -static int may_access(struct dev_cgroup *dev_cgroup, > - struct dev_exception_item *refex) > +static bool may_access(struct dev_cgroup *dev_cgroup, > + struct dev_exception_item *refex, > + enum devcg_behavior behavior)

Probably belongs to the previous patch. Other than that,

Acked-by: Tejun Heo <tj@xxxxxxxxxx>

Thanks.

--
tejun
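
Review bot: the kernel-doc line added for the new parameter of may_access(), "@behavior: behavior of the exception", only restates the parameter name. The description says the check will now also run against a parent cgroup that "might have different behavior", so the comment should spell out which cgroup's behavior is being passed in and how it relates to @dev_cgroup, otherwise callers can easily pass the wrong one and get an access decision evaluated under the wrong default. The same signature also changes the return type from int to bool, which neither the description nor the v2 notes mention; a sentence in the changelog and a check that every caller treats the result as true/false rather than as an error code would help.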