set_value should not check read access(2) perms
Bug #1293647 reported by
Serge Hallyn
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| cgmanager (Ubuntu) |
Fix Released
|
Critical
|
Serge Hallyn | ||
Bug Description
devices.deny and devices.allow are --w------. cgmanager checks for O_RDWR access rights to the file before setting a cgroup value. This prevents a container from modifying its devices cgroup settings.
The fix is to sed -i '459s/O_
WIthout this fix, container device access cannot be restricted.
Related branches
| Changed in cgmanager (Ubuntu): | |
| importance: | Undecided → Critical |
| Changed in cgmanager (Ubuntu): | |
| status: | New → In Progress |
| assignee: | nobody → Serge Hallyn (serge-hallyn) |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in cgmanager (Ubuntu): | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
This bug was fixed in the package cgmanager - 0.20-0ubuntu4
---------------
cgmanager (0.20-0ubuntu4) trusty; urgency=medium
* d/p/0003-
refusals to set cgroup values (LP: #1293647)
-- Serge Hallyn <email address hidden> Mon, 17 Mar 2014 11:38:19 -0500