set_value should not check read access(2) perms
Bug #1293647 reported by Serge Hallyn
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
cgmanager (Ubuntu) | Fix Released | Critical | Serge Hallyn |
Bug Description
devices.deny and devices.allow are --w------. cgmanager checks for O_RDWR access rights to the file before setting a cgroup value. This prevents a container from modifying its devices cgroup settings.
The fix is to sed -i '459s/O_
Without this fix, container device access cannot be restricted.
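The difference between the two checks, as an added example (not cgmanager's code and not part of the bug report): a mode-bit permission check for a write-only file such as devices.deny, evaluated for the requesting caller. The helper names and the uid/gid 100000 are assumptions for illustration; supplementary groups and the root override are left out.

```c
#include <fcntl.h>
#include <stdbool.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Hypothetical helper (not cgmanager's code): decide from a file's mode bits
 * whether a caller with the given uid/gid may open it with `want`
 * (O_RDONLY, O_WRONLY or O_RDWR). A privileged manager acting on behalf of
 * an unprivileged caller has to evaluate this itself, because access(2)
 * would answer for the manager's own credentials. */
static bool mode_permits(mode_t file_mode, uid_t owner, gid_t group,
                         uid_t caller_uid, gid_t caller_gid, int want)
{
    mode_t r, w;

    /* Pick the owner, group or other permission triplet (simplified). */
    if (caller_uid == owner) {
        r = S_IRUSR; w = S_IWUSR;
    } else if (caller_gid == group) {
        r = S_IRGRP; w = S_IWGRP;
    } else {
        r = S_IROTH; w = S_IWOTH;
    }

    switch (want & O_ACCMODE) {
    case O_RDONLY: return (file_mode & r) != 0;
    case O_WRONLY: return (file_mode & w) != 0;
    case O_RDWR:   return (file_mode & r) != 0 && (file_mode & w) != 0;
    default:       return false;
    }
}

/* Constructed sample: devices.deny as described in the report, mode 0200
 * (--w------), owned by the container's root (uid/gid 100000 is made up). */
static bool set_value_allowed(int want)
{
    return mode_permits(0200, 100000, 100000, 100000, 100000, want);
}

int main(void)
{
    /* The O_RDWR check (the reported behaviour) refuses the write-only
     * file; a write-only check permits it. Exit status 0 confirms both. */
    return (!set_value_allowed(O_RDWR) && set_value_allowed(O_WRONLY)) ? 0 : 1;
}
```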
Changed in cgmanager (Ubuntu):
importance: Undecided → Critical
Changed in cgmanager (Ubuntu):
status: New → In Progress
assignee: nobody → Serge Hallyn (serge-hallyn)
This bug was fixed in the package cgmanager - 0.20-0ubuntu4
---------------
cgmanager (0.20-0ubuntu4) trusty; urgency=medium
* d/p/0003-set_value-only-check-write-access-rights.patch: fix wrong
refusals to set cgroup values (LP: #1293647)
-- Serge Hallyn <email address hidden> Mon, 17 Mar 2014 11:38:19 -0500