{
  "log": [
    {
      "commit": "be367d09927023d081f9199665c8500f69f14d22",
      "tree": "f0c5b9da037506da3c5890cf11b51b39a7d3c427",
      "parents": [
        "c378369d8b4fa516ff2b1e79c3eded4e0e955ebb"
      ],
      "author": {
        "name": "Ben Blum",
        "email": "bblum@google.com",
        "time": "Wed Sep 23 15:56:31 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Sep 24 07:20:58 2009 -0700"
      },
      "message": "cgroups: let ss-\u003ecan_attach and ss-\u003eattach do whole threadgroups at a time\n\nAlter the ss-\u003ecan_attach and ss-\u003eattach functions to be able to deal with\na whole threadgroup at a time, for use in cgroup_attach_proc.  (This is a\npre-patch to cgroup-procs-writable.patch.)\n\nCurrently, new mode of the attach function can only tell the subsystem\nabout the old cgroup of the threadgroup leader.  No subsystem currently\nneeds that information for each thread that\u0027s being moved, but if one were\nto be added (for example, one that counts tasks within a group) this bit\nwould need to be reworked a bit to tell the subsystem the right\ninformation.\n\n[hidave.darkstar@gmail.com: fix build]\nSigned-off-by: Ben Blum \u003cbblum@google.com\u003e\nSigned-off-by: Paul Menage \u003cmenage@google.com\u003e\nAcked-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nReviewed-by: Matt Helsley \u003cmatthltc@us.ibm.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: Dave Young \u003chidave.darkstar@gmail.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "cd5008196f7e583f4c558531a2bca59f6c674c5b",
      "tree": "c91a3d15b09545eddebbc09577b2763ef2e34235",
      "parents": [
        "f9ab5b5b0f5be506640321d710b0acd3dca6154a"
      ],
      "author": {
        "name": "Li Zefan",
        "email": "lizf@cn.fujitsu.com",
        "time": "Wed Jun 17 16:26:33 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Jun 18 13:03:47 2009 -0700"
      },
      "message": "devcgroup: skip superfluous checks when found the DEV_ALL elem\n\nWhile walking through the whitelist, if the DEV_ALL item is found, no more\ncheck is needed.\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "b4046f00ee7c1e5615261b496cf7309683275b29",
      "tree": "8ef312b95b03f362f7780a37620167c54bf55e8f",
      "parents": [
        "d969fbe69e07fcceb0558b35d4c75eb046041c5e"
      ],
      "author": {
        "name": "Li Zefan",
        "email": "lizf@cn.fujitsu.com",
        "time": "Thu Apr 02 16:57:32 2009 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Apr 02 19:04:55 2009 -0700"
      },
      "message": "devcgroup: avoid using cgroup_lock\n\nThere is nothing special that has to be protected by cgroup_lock,\nso introduce devcgroup_mutex for its own use.\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: KAMEZAWA Hiroyuki \u003ckamezawa.hiroyu@jp.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "0b82ac37b889ec881b645860da3775118effb3ca",
      "tree": "93407311725ac2588df5f37e261304a51064e200",
      "parents": [
        "116e05751285c20edf5768ca3bcc00dad86181bb"
      ],
      "author": {
        "name": "Serge E. Hallyn",
        "email": "serue@us.ibm.com",
        "time": "Wed Jan 07 18:07:46 2009 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Jan 08 08:31:03 2009 -0800"
      },
      "message": "devices cgroup: allow mkfifo\n\nThe devcgroup_inode_permission() hook in the devices whitelist cgroup has\nalways bypassed access checks on fifos.  But the mknod hook did not.  The\ndevices whitelist is only about block and char devices, and fifos can\u0027t\neven be added to the whitelist, so fifos can\u0027t be created at all except by\ntasks which have \u0027a\u0027 in their whitelist (meaning they have access to all\ndevices).\n\nFix the behavior by bypassing access checks to mkfifo.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: Lai Jiangshan \u003claijs@cn.fujitsu.com\u003e\nCc: KOSAKI Motohiro \u003ckosaki.motohiro@jp.fujitsu.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nReported-by: Daniel Lezcano \u003cdlezcano@fr.ibm.com\u003e\nCc: \u003cstable@kernel.org\u003e\t\t[2.6.27.x]\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "116e05751285c20edf5768ca3bcc00dad86181bb",
      "tree": "a95c51476e30fb1374dc50d6051c7216f23afa2f",
      "parents": [
        "a47295e6bc42ad35f9c15ac66f598aa24debd4e2"
      ],
      "author": {
        "name": "Lai Jiangshan",
        "email": "laijs@cn.fujitsu.com",
        "time": "Wed Jan 07 18:07:45 2009 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Jan 08 08:31:03 2009 -0800"
      },
      "message": "devcgroup: use list_for_each_entry_rcu()\n\nWe should use list_for_each_entry_rcu in RCU read site.\n\nSigned-off-by: Lai Jiangshan \u003claijs@cn.fujitsu.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: KAMEZAWA Hiroyuki \u003ckamezawa.hiroyu@jp.fujitsu.com\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "47c59803becb55b72b26cdab3838d621a15badc8",
      "tree": "63711f3e41f46288e2fa18db0b4ed734e9b1f668",
      "parents": [
        "c012a54ae0b2ee2c73499f54596e0f5257288fec"
      ],
      "author": {
        "name": "Lai Jiangshan",
        "email": "laijs@cn.fujitsu.com",
        "time": "Sat Oct 18 20:28:07 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Oct 20 08:52:38 2008 -0700"
      },
      "message": "devcgroup: remove spin_lock()\n\nSince we introduced rcu for read side, spin_lock is used only for update.\nBut we always hold cgroup_lock() when updating, so spin_lock() is not needed.\n\nAdditional cleanup:\n1) include linux/rcupdate.h explicitly\n2) remove unused variable cur_devcgroup in devcgroup_update_access()\n\nSigned-off-by: Lai Jiangshan \u003claijs@cn.fujitsu.com\u003e\nAcked-by: \"Serge E. Hallyn\" \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "c012a54ae0b2ee2c73499f54596e0f5257288fec",
      "tree": "4fab77415948c241c563a4de1e8e29fcc0604828",
      "parents": [
        "2cdc7241a290bb2b9ef4c2e2969a4a3ed92abb63"
      ],
      "author": {
        "name": "Li Zefan",
        "email": "lizf@cn.fujitsu.com",
        "time": "Sat Oct 18 20:28:07 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Oct 20 08:52:38 2008 -0700"
      },
      "message": "devcgroup: remove unused variable\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "2cdc7241a290bb2b9ef4c2e2969a4a3ed92abb63",
      "tree": "c544eeca8ed7777580ebd91f97778792d5ff6d07",
      "parents": [
        "886465f407e57d6c3c81013c919ea670ce1ae0d0"
      ],
      "author": {
        "name": "Li Zefan",
        "email": "lizf@cn.fujitsu.com",
        "time": "Sat Oct 18 20:28:06 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Oct 20 08:52:38 2008 -0700"
      },
      "message": "devcgroup: use kmemdup()\n\nThis saves 40 bytes on my x86_32 box.\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "36fd71d293898a59b14e49da1f6e81c1a58f2035",
      "tree": "e67d5a0f6fc6caa83558f57588d9f69a46e5f4c9",
      "parents": [
        "09a2910e54646f7a334702fbafa7a6129dc072e6"
      ],
      "author": {
        "name": "Li Zefan",
        "email": "lizf@cn.fujitsu.com",
        "time": "Tue Sep 02 14:35:52 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Sep 02 19:21:38 2008 -0700"
      },
      "message": "devcgroup: fix race against rmdir()\n\nDuring the use of a dev_cgroup, we should guarantee the corresponding\ncgroup won\u0027t be deleted (i.e.  via rmdir).  This can be done through\ncss_get(\u0026dev_cgroup-\u003ecss), but here we can just get and use the dev_cgroup\nunder rcu_read_lock.\n\nAnd also remove checking NULL dev_cgroup, it won\u0027t be NULL since a task\nalways belongs to a cgroup.\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "7759fc9d10d3559f365cb122d81e0c0a185fe0fe",
      "tree": "2674cb439f9d27b5c0ef9ef078f6c8f7dac3b758",
      "parents": [
        "4efd1a1b2f09a4b746dd9dc057986c6dadcb1317"
      ],
      "author": {
        "name": "Li Zefan",
        "email": "lizf@cn.fujitsu.com",
        "time": "Fri Jul 25 01:47:08 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Jul 25 10:53:37 2008 -0700"
      },
      "message": "devcgroup: code cleanup\n\n- clean up set_majmin()\n- use simple_strtoul() to parse major/minor\n\n[akpm@linux-foundation.org: fix simple_strtoul() usage]\n[kosaki.motohiro@jp.fujitsu.com: fix warnings]\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: KOSAKI Motohiro \u003ckosaki.motohiro@jp.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "4efd1a1b2f09a4b746dd9dc057986c6dadcb1317",
      "tree": "048b7c286be2f17efce9b3482d9618cd150ee3f7",
      "parents": [
        "e885dcde75685e09f23cffae1f6d5169c105b8a0"
      ],
      "author": {
        "name": "Pavel Emelyanov",
        "email": "xemul@openvz.org",
        "time": "Fri Jul 25 01:47:07 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Jul 25 10:53:37 2008 -0700"
      },
      "message": "devcgroup: relax white-list protection down to RCU\n\nCurrently this list is protected with a simple spinlock, even for reading\nfrom one.  This is OK, but can be better.\n\nActually I want it to be better very much, since after replacing the\nOpenVZ device permissions engine with the cgroup-based one I noticed, that\nwe set 12 default device permissions for each newly created container (for\n/dev/null, full, terminals, etc. devices), and people sometimes have up to\n20 perms more, so traversing the ~30-40 elements list under a spinlock\ndoesn\u0027t seem very good.\n\nHere\u0027s the RCU protection for white-list - dev_whitelist_item-s are added\nand removed under the devcg-\u003elock, but are looked up in permissions\nchecking under the rcu_read_lock.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: \"Paul E. McKenney\" \u003cpaulmck@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "f92523e3a7861f5dbd76021e0719a35fe8771f2d",
      "tree": "933c9e6e1f0683ac1c6bc019da5b91c9e567bf7c",
      "parents": [
        "e37123953292146445c8629b3950d0513fd10ae2"
      ],
      "author": {
        "name": "Paul Menage",
        "email": "menage@google.com",
        "time": "Fri Jul 25 01:47:03 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Jul 25 10:53:36 2008 -0700"
      },
      "message": "cgroup files: convert devcgroup_access_write() into a cgroup write_string() handler\n\nThis patch converts devcgroup_access_write() from a raw file handler\ninto a handler for the cgroup write_string() method. This allows some\nboilerplate copying/locking/checking to be removed and simplifies the\ncleanup path, since these functions are performed by the cgroups\nframework before calling the handler.\n\nSigned-off-by: Paul Menage \u003cmenage@google.com\u003e\nCc: Paul Jackson \u003cpj@sgi.com\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: KAMEZAWA Hiroyuki \u003ckamezawa.hiroyu@jp.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "ec229e830060091b9be63c8f873c1b2407a82821",
      "tree": "505231f1cad4a3258d509dfc75e47ed445647ff6",
      "parents": [
        "17d213f806dad629e9af36fc45f082b87ed7bceb"
      ],
      "author": {
        "name": "Li Zefan",
        "email": "lizf@cn.fujitsu.com",
        "time": "Sun Jul 13 12:14:04 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sun Jul 13 12:51:18 2008 -0700"
      },
      "message": "devcgroup: fix permission check when adding entry to child cgroup\n\n # cat devices.list\n c 1:3 r\n # echo \u0027c 1:3 w\u0027 \u003e sub/devices.allow\n # cat sub/devices.list\n c 1:3 w\n\nAs illustrated, the parent group has no write permission to /dev/null, so\nits child should not be allowed to add this write permission.\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "17d213f806dad629e9af36fc45f082b87ed7bceb",
      "tree": "bbb91f06c39cddd1a05b0bdb8470f472c39c81c6",
      "parents": [
        "0302c01b4b793cfbc5c7bf8723f6d14bf9bd7cf4"
      ],
      "author": {
        "name": "Li Zefan",
        "email": "lizf@cn.fujitsu.com",
        "time": "Sun Jul 13 12:14:02 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sun Jul 13 12:51:18 2008 -0700"
      },
      "message": "devcgroup: always show positive major/minor num\n\n # echo \"b $((0x7fffffff)):$((0x80000000)) rwm\" \u003e devices.allow\n # cat devices.list\n b 214748364:-21474836 rwm\n\nthough a major/minor number of 0x800000000 is meaningless, we\nshould not cast it to a negative value.\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "d823f6bfec2844493c05961133895de21fa0e02d",
      "tree": "853fac4a97ab842f9ee52adfbf72297e8b90688d",
      "parents": [
        "26ff8c697a2c8f6974c2357d3f01cca91b20c964"
      ],
      "author": {
        "name": "Li Zefan",
        "email": "lizf@cn.fujitsu.com",
        "time": "Fri Jul 04 10:00:07 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Jul 04 10:40:10 2008 -0700"
      },
      "message": "devcgroup: fix odd behaviour when writing \u0027a\u0027 to devices.allow\n\n # cat /devcg/devices.list\n a *:* rwm\n # echo a \u003e devices.allow\n # cat /devcg/devices.list\n a *:* rwm\n a 0:0 rwm\n\nThis is odd and maybe confusing.  With this patch, writing \u0027a\u0027 to\ndevices.allow will add \u0027a *:* rwm\u0027 to the whitelist.\n\nAlso a few fixes and updates to the document.\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: KAMEZAWA Hiroyuki \u003ckamezawa.hiroyu@jp.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "d1ee2971f5bd8a16bc5ecfe1b00e14b4fe407c4f",
      "tree": "733c51b66dda47216ca1526fdd85004206fd0ec8",
      "parents": [
        "7db9cfd380205f6b50afdc3bc3619f876a5eaf0d"
      ],
      "author": {
        "name": "Pavel Emelyanov",
        "email": "xemul@openvz.org",
        "time": "Thu Jun 05 22:46:28 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Jun 06 11:29:11 2008 -0700"
      },
      "message": "devscgroup: make white list more compact in some cases\n\nConsider you added a \u0027c foo:bar r\u0027 permission to some cgroup and then (a\nbit later) \u0027c foo:bar w\u0027 for it.  After this you\u0027ll see the\n\nc foo:bar r\nc foo:bar w\n\nlines in a devices.list file.\n\nAnother example - consider you added 10 \u0027c foo:bar r\u0027 permissions to some\ncgroup (e.g.  by mistake).  After this you\u0027ll see 10 c foo:bar r lines in\na list file.\n\nThis is weird.  This situation also has one more annoying consequence.\nHaving many items in a white list makes permissions checking slower, since\nit has to walk a longer list.\n\nThe proposal is to merge permissions for items, that correspond to the\nsame device.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "cc9cb219aac24ffc711566c8f372c2b3a3bf840f",
      "tree": "efa678227596922a00b2a7744c33707041c78316",
      "parents": [
        "b66862f7663332aa1ecb3ebda4086360ddb8befc"
      ],
      "author": {
        "name": "Pavel Emelyanov",
        "email": "xemul@openvz.org",
        "time": "Thu Jun 05 22:46:26 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Jun 06 11:29:11 2008 -0700"
      },
      "message": "devscgroup: relax task to dev_cgroup conversion\n\nTwo functions, that need to get a device_cgroup from a task (they are\ndevcgroup_inode_permission and devcgroup_inode_mknod) make it in a strange\nway:\n\nThey get a css_set from task, then a subsys_state from css_set, then a\ncgroup from the state and then a subsys_state again from the cgroup.\nBesides, the devices_subsys_id is read from memory, whilst there\u0027s an\nenum-ed constant for it.\n\nOptimize this part a bit:\n1. Get the subsys_state from the task and be done - no 2 extra\n   dereferences,\n2. Use the device_subsys_id constant, not the value from memory\n   (i.e. one less dereference).\n\nFound while preparing 2.6.26 OpenVZ port.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Paul Menage \u003cmenage@google.com\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "b66862f7663332aa1ecb3ebda4086360ddb8befc",
      "tree": "8ba5a907f4bafad460cef4d6c573b9f5aae957e5",
      "parents": [
        "93b071139a956e51c98cdefd50a47981a4eb852e"
      ],
      "author": {
        "name": "Pavel Emelyanov",
        "email": "xemul@openvz.org",
        "time": "Thu Jun 05 22:46:24 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Jun 06 11:29:11 2008 -0700"
      },
      "message": "devcgroup: make a helper to convert cgroup_subsys_state to devs_cgroup\n\nThis is just picking the container_of out of cgroup_to_devcgroup into a\nseparate function.\n\nThis new css_to_devcgroup will be used in the 2nd patch.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "29486df325e1fe6e1764afcb19e3370804c2b002",
      "tree": "d69a96bb829940f3ae5171fde481edb20a9e468a",
      "parents": [
        "28fd5dfc12bde391981dfdcf20755952b6e916af"
      ],
      "author": {
        "name": "Serge E. Hallyn",
        "email": "serue@us.ibm.com",
        "time": "Tue Apr 29 01:00:14 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 29 08:06:10 2008 -0700"
      },
      "message": "cgroups: introduce cft-\u003eread_seq()\n\nIntroduce a read_seq() helper in cftype, which uses seq_file to print out\nlists.  Use it in the devices cgroup.  Also split devices.allow into two\nfiles, so now devices.deny and devices.allow are the ones to use to manipulate\nthe whitelist, while devices.list outputs the cgroup\u0027s current whitelist.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Paul Menage \u003cmenage@google.com\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: KAMEZAWA Hiroyuki \u003ckamezawa.hiroyu@jp.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "08ce5f16ee466ffc5bf243800deeecd77d9eaf50",
      "tree": "8fb921137a677d463f11727dab7e683db426b810",
      "parents": [
        "d447ea2f30ec60370ddb99a668e5ac12995f043d"
      ],
      "author": {
        "name": "Serge E. Hallyn",
        "email": "serue@us.ibm.com",
        "time": "Tue Apr 29 01:00:10 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Apr 29 08:06:09 2008 -0700"
      },
      "message": "cgroups: implement device whitelist\n\nImplement a cgroup to track and enforce open and mknod restrictions on device\nfiles.  A device cgroup associates a device access whitelist with each cgroup.\n A whitelist entry has 4 fields.  \u0027type\u0027 is a (all), c (char), or b (block).\n\u0027all\u0027 means it applies to all types and all major and minor numbers.  Major\nand minor are either an integer or * for all.  Access is a composition of r\n(read), w (write), and m (mknod).\n\nThe root device cgroup starts with rwm to \u0027all\u0027.  A child devcg gets a copy of\nthe parent.  Admins can then remove devices from the whitelist or add new\nentries.  A child cgroup can never receive a device access which is denied its\nparent.  However when a device access is removed from a parent it will not\nalso be removed from the child(ren).\n\nAn entry is added using devices.allow, and removed using\ndevices.deny.  For instance\n\n\techo \u0027c 1:3 mr\u0027 \u003e /cgroups/1/devices.allow\n\nallows cgroup 1 to read and mknod the device usually known as\n/dev/null.  Doing\n\n\techo a \u003e /cgroups/1/devices.deny\n\nwill remove the default \u0027a *:* mrw\u0027 entry.\n\nCAP_SYS_ADMIN is needed to change permissions or move another task to a new\ncgroup.  A cgroup may not be granted more permissions than the cgroup\u0027s parent\nhas.  Any task can move itself between cgroups.  This won\u0027t be sufficient, but\nwe can decide the best way to adequately restrict movement later.\n\n[akpm@linux-foundation.org: coding-style fixes]\n[akpm@linux-foundation.org: fix may-be-used-uninitialized warning]\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nLooks-good-to: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: Daniel Hokka Zakrisson \u003cdaniel@hozac.com\u003e\nCc: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: KAMEZAWA Hiroyuki \u003ckamezawa.hiroyu@jp.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    }
  ]
}
