| > I started playing with this and noticed that even if I try to
| > enable read access to device [c, 1:3] it also grants access
| > to device [c, 1:5].
|
| Hm... I can't reproduce this:
|
| # /bin/echo 'c 1:3 r-' > /cnt/dev/0/devices.permissions
| # /bin/echo -n $$ > /cnt/dev/0/tasks
| # cat /cnt/dev/0/devices.permissions
| c 1:3 r-
| # hexdump /dev/null
| # hexdump /dev/zero
| hexdump: /dev/zero: No such device or address
| hexdump: /dev/zero: Bad file descriptor
|
| Maybe you have played with devs cgroups before getting this?
| Can you show what's the contents of the devices.permissions file
| in your case?

Here is the repro again. I even tried after a reboot. Basically,
granting access to /dev/null is also granting access to /dev/zero.

# cat devices.permissions
# hexdump /dev/zero
hexdump: /dev/zero: No such device or address
hexdump: /dev/zero: Bad file descriptor
# hexdump /dev/null
hexdump: /dev/null: No such device or address
hexdump: /dev/null: Bad file descriptor
# echo 'c 1:3 r-' > devices.permissions
# hexdump /dev/null
# hexdump /dev/zero
0000000 0000 0000 0000 0000 0000 0000 0000 0000
*
^C
# cat tasks
3279
22266
# ps
  PID TTY          TIME CMD
 3279 pts/0    00:00:00 bash
22267 pts/0    00:00:00 ps