On Sat, Jul 14, 2018 at 1:25 AM, Dmitry Torokhov <dtor@xxxxxxxxxxxx> wrote: > On Sat, Jul 14, 2018 at 8:58 AM Todd Poynor <toddpoynor@xxxxxxxxx> wrote: >> >> From: Todd Poynor <toddpoynor@xxxxxxxxxx> >> >> Always allow root to open device for writing. >> >> Drop special-casing of ioctl permissions for root vs. owner. >> >> Reported-by: Dmitry Torokhov <dtor@xxxxxxxxxxxx> >> Signed-off-by: Zhongze Hu <frankhu@xxxxxxxxxxxx> >> Signed-off-by: Todd Poynor <toddpoynor@xxxxxxxxxx> > > I think this patch is good as is, but as a followup you should create > a patch that supports user namespaces, i.e. replaces > capable(CAP_SYS_ADMIN) with ns_capable(...) in gasket_open() so you > can allow containers to control the device, if necessary. Thanks, I'll add that to the list. > > Reviewed-by: Dmitry Torokhov <dtor@xxxxxxxxxxxx> > > Thanks, > Dmitry -- Todd _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
