On 2017/1/23 15:16, Ma Shimiao wrote:
> Hi all,
>
> I think I met a problem about cgroup devices.
>
> The following is my detailed operations:
>
> # cd /sys/fs/cgroup/devices/
> # mkdir test
> # echo "c 1:3 rw" > test/devices.deny
> # cat test/devices.list
> a *:* rwm
>
> It seems my setting does not react in devices.list.
>
> But in another terminal, /dev/null is really limited to access.
> $ sudo cgexec -g devices:test dd if=/dev/zero of=/dev/null bs=1M count=128
> dd: failed to open '/dev/null': Operation not permitted
>
> So, is this a bug of cgroup devices?
>

It's not a bug. It's a feature introduced by commit ad676077a2ae4af4bb.

That said, I don't like this feature at all, because it's very confusing,
and obviously you are confused.
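Added example, not part of the original message and not kernel code: a simplified Python model of the cgroup v1 devices controller as a default behavior plus a list of exceptions, replaying the steps from the report. It assumes that `devices.list` prints only `a *:* rwm` while the default behavior is allow; the class and function names are hypothetical.

```python
# Simplified model of the cgroup v1 devices controller: a default behavior
# plus a list of exceptions. Illustration only, not kernel code.
ALLOW, DENY = "allow", "deny"


class DevCgroup:
    def __init__(self):
        self.behavior = ALLOW   # a fresh top-level group permits everything
        self.exceptions = {}    # (type, major, minor) -> set of "r", "w", "m"

    def write(self, control_file, rule):
        """Model of `echo RULE > devices.allow` or `devices.deny`."""
        target = ALLOW if control_file == "devices.allow" else DENY
        fields = rule.split()
        if fields[0] == "a":                 # "a": reset to a blanket policy
            self.behavior, self.exceptions = target, {}
            return
        major, minor = fields[1].split(":")
        key, access = (fields[0], major, minor), set(fields[2])
        if target == self.behavior:          # rule agrees with default: drop exception bits
            left = self.exceptions.get(key, set()) - access
            if left:
                self.exceptions[key] = left
            else:
                self.exceptions.pop(key, None)
        else:                                # rule contradicts default: record an exception
            self.exceptions.setdefault(key, set()).update(access)

    def devices_list(self):
        """What `cat devices.list` shows."""
        if self.behavior == ALLOW:           # the exceptions (denies) are not printed
            return ["a *:* rwm"]
        return ["%s %s:%s %s" % (t, ma, mi, "".join(c for c in "rwm" if c in acc))
                for (t, ma, mi), acc in self.exceptions.items()]

    def may_access(self, dtype, major, minor, access):
        """Decision made when a task in the group opens a device node."""
        want = set(access)
        hits = [acc for (t, ma, mi), acc in self.exceptions.items()
                if t == dtype and ma in ("*", str(major)) and mi in ("*", str(minor))]
        if self.behavior == ALLOW:           # any overlapping exception denies
            return not any(acc & want for acc in hits)
        return any(want <= acc for acc in hits)


def reproduce_report():
    """The steps from the report: new group, then deny c 1:3 rw (/dev/null)."""
    group = DevCgroup()
    group.write("devices.deny", "c 1:3 rw")
    return group.devices_list(), group.may_access("c", 1, 3, "w")
```

When auditing a group's device restrictions, `devices.list` is therefore only informative once the group's default has been switched to deny; under a default of allow, test access from inside the group as the report did with `cgexec`.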