sukadev@xxxxxxxxxx wrote:
> | > I started playing with this and noticed that even if I try to
> | > enable read access to device [c, 1:3] it also grants access
> | > to device [c, 1:5].
> |
> | Hm... I can't reproduce this:
> |
> | # /bin/echo 'c 1:3 r-' > /cnt/dev/0/devices.permissions
> | # /bin/echo -n $$ > /cnt/dev/0/tasks
> | # cat /cnt/dev/0/devices.permissions
> | c 1:3 r-
> | # hexdump /dev/null
> | # hexdump /dev/zero
> | hexdump: /dev/zero: No such device or address
> | hexdump: /dev/zero: Bad file descriptor
> |
> | Maybe you have played with devs cgroups before getting this?
> | Can you show what's the contents of the devices.permissions file
> | in your case?
>
> Here is the repro again. I even tried after a reboot. Basically,
> granting access to /dev/null is also granting access to /dev/zero.
>
> # cat devices.permissions
> # hexdump /dev/zero
> hexdump: /dev/zero: No such device or address
> hexdump: /dev/zero: Bad file descriptor
> # hexdump /dev/null
> hexdump: /dev/null: No such device or address
> hexdump: /dev/null: Bad file descriptor
> # echo 'c 1:3 r-' > devices.permissions
> # hexdump /dev/null
> # hexdump /dev/zero
> 0000000 0000 0000 0000 0000 0000 0000 0000 0000
> *
> ^C
> # cat tasks
> 3279
> 22266
> # ps
> PID TTY TIME CMD
> 3279 pts/0 00:00:00 bash
> 22267 pts/0 00:00:00 ps
>

This all looks completely incomprehensible :(

Here's my test:

# mount -t cgroup none /cnt/dev/ -o devices
# mkdir /cnt/dev/0
# /bin/echo -n $$ > /cnt/dev/0/tasks
# cat /cnt/dev/0/devices.permissions
# hexdump /dev/zero
hexdump: /dev/zero: No such device or address
hexdump: /dev/zero: Bad file descriptor
# hexdump /dev/null
hexdump: /dev/null: No such device or address
hexdump: /dev/null: Bad file descriptor
# echo 'c 1:3 r-' > /cnt/dev/0/devices.permissions
# cat /cnt/dev/0/devices.permissions
c 1:3 r-
# hexdump /dev/null
# hexdump /dev/zero
hexdump: /dev/zero: No such device or address
hexdump: /dev/zero: Bad file descriptor

Sukadev, could you please try to track the problem as you seem to be
the only person who's experiencing problems with that.

Thanks,
Pavel