Hello, Aristeu. On Thu, Aug 15, 2013 at 11:34:10AM -0400, aris@xxxxxxxxxx wrote: > With this patchset, the 'b 1:5 r' exception will be kept and whenever possible > (more specifically when the parent gets access to more devices) it'll be > re-evaluated and applied if allowed. In this specific case, since it's allowed > again, the exception 'b 1:5 r' will be reapplied to B. So, while this patchset is headed in the right direction, some stuff still bothers me. * The configurations are finicky and complex. There are many ways to configure it and some may fail depending on some conditions. I really wish it were a lot simpler, at least when sane_behavior. * Using separate propagation paths for allows and denys feels a bit weird. Can't config just update local config and always propagate the change downwards? When sane_behavior, can't we have something like the following? * Setting local config is not affected by what ancestors or descendants are doing. It just sets local config and triggers propagation and never fails (except for things like alloc failure). * Config defaults to allow-all unconfigured and there are only two modes - allow-all or allow-only-listed with an easy way to flip between the two and clear the list, which lists either specific maj:min or maj. Thanks. -- tejun -- To unsubscribe from this list: send the line "unsubscribe cgroups" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
