Quoting Li Zefan (lizf@xxxxxxxxxxxxxx):
> devices.allow and devices.deny are write-only, and devices.list is read-only.
>
> Signed-off-by: Li Zefan <lizf@xxxxxxxxxxxxxx>
Yup that should be intuitive for people.
Acked-by: Serge Hallyn <serue@xxxxxxxxxx>
thanks,
-serge
> ---
> security/device_cgroup.c | 3 +++
> 1 files changed, 3 insertions(+), 0 deletions(-)
>
> diff --git a/security/device_cgroup.c b/security/device_cgroup.c
> index 3aacd0f..b13fbb8 100644
> --- a/security/device_cgroup.c
> +++ b/security/device_cgroup.c
> @@ -439,16 +439,19 @@ static struct cftype dev_cgroup_files[] = {
> .name = "allow",
> .write_string = devcgroup_access_write,
> .private = DEVCG_ALLOW,
> + .mode = 0200,
> },
> {
> .name = "deny",
> .write_string = devcgroup_access_write,
> .private = DEVCG_DENY,
> + .mode = 0200,
> },
> {
> .name = "list",
> .read_seq_string = devcgroup_seq_read,
> .private = DEVCG_LIST,
> + .mode = 0444,
> },
> };
>
> -- 1.5.4.rc3
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
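Review bot: The `.mode = 0200` added to the `allow` and `deny` entries needs a comment saying that the file mode is not the privilege boundary for changing the device access list. For example, above the first `.mode` line: `/* mode only reflects what the handlers support; privilege is checked in the write handler */`. Whether `devcgroup_access_write` actually performs such a check cannot be seen here, because the handler and the start of `dev_cgroup_files[]` both lie outside the hunk, so confirm it before adding that wording. The distinction matters if these files are ever chown'ed to an unprivileged user for delegation, since 0200 grants write access to whoever owns the file. The same comment would cover `.mode = 0444` on `list`, which makes the current rule set readable by every user who can reach the cgroup directory.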