Quoting Tejun Heo (tj@xxxxxxxxxx):
> On Thu, Jul 11, 2013 at 10:34:05AM +0100, Daniel P. Berrange wrote:
> > FWIW, libvirt's usage of devcg is to deny all by default, allow major 136
> > (for all /dev/pts/*), followed by allow (major,minor) pair for each specific
> > whitelisted devices. As such we don't have anything that relies on ordering
> > of rules in devcg.
>
> I'd personally much prefer something very simple - allow all by
> default, allow only the specified if explicitly specified. I really
> don't want full iptables like facility inside devcg.
>
> Thanks.

FWIW lxc is also quite happy with the simple rules. Is there something
in particular you want to accomplish for which the current rules do not
suffice?
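
Added example, not part of the thread and not libvirt, lxc or kernel code: a simplified Python model of a deny-by-default device whitelist in the shape described above (major 136 wildcard plus explicit major:minor pairs), checking that decisions do not depend on rule order. The `Rule` type, the helper names and every device entry other than major 136 are assumptions made for illustration.

```python
from itertools import permutations
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    dev_type: str         # 'c' (char) or 'b' (block)
    major: int
    minor: Optional[int]  # None is the '*' wildcard
    access: str           # subset of 'rwm' (read, write, mknod)


# Constructed policy: nothing is allowed unless listed here.
ALLOW = [
    Rule("c", 136, None, "rwm"),  # all of /dev/pts/*
    Rule("c", 1, 3, "rwm"),       # /dev/null
    Rule("c", 1, 5, "rwm"),       # /dev/zero
    Rule("c", 1, 9, "rw"),        # /dev/urandom, no mknod
]

# Constructed probes: (type, major, minor, requested access).
PROBES = [
    ("c", 136, 7, "rw"),  # a pty slave, covered by the wildcard
    ("c", 1, 3, "w"),     # /dev/null
    ("c", 1, 9, "m"),     # mknod of /dev/urandom was not granted
    ("c", 1, 8, "r"),     # /dev/random is not listed
    ("b", 8, 0, "r"),     # first SCSI disk is not listed
]


def allowed(rules, dev_type, major, minor, access):
    """Deny by default; allow when one rule matches the device and
    grants every requested access bit."""
    return any(
        r.dev_type == dev_type
        and r.major == major
        and r.minor in (None, minor)
        and set(access) <= set(r.access)
        for r in rules
    )


def order_independent(rules, probes):
    """True when every ordering of the rules yields the same decisions."""
    baseline = [allowed(rules, *p) for p in probes]
    return all(
        [allowed(list(perm), *p) for p in probes] == baseline
        for perm in permutations(rules)
    )


if __name__ == "__main__":
    for p in PROBES:
        print(p, "allow" if allowed(ALLOW, *p) else "deny")
    print("order independent:", order_independent(ALLOW, PROBES))
```

Because the policy contains only allow entries over a default deny, a decision is a set-membership test, which is why no ordering semantics are needed for it.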