[systemd-devel] DeviceAllow
Lennart Poettering
lennart at poettering.net
Tue Dec 18 08:52:13 PST 2012
On Mon, 17.12.12 16:50, Juan Orti Alcaine (j.orti.alcaine at gmail.com) wrote:
> Hello,
>
> I'm testing some of the security measures described in this post [1], and I'm
> having problems with the DeviceAllow directive.
>
> If I get it right, if I allow one access, all the remaining devices are
> disallowed. But my tests show otherwise. The man page doesn't talk about this
> behavior.
>
> Have I hit a bug, or does it work as intended?
Note that DeviceAllow= and DeviceDeny= is a pretty straight-forward
interface for the devices.allow and devices.deny cgroup attribute.
Please have a look on
http://www.kernel.org/doc/Documentation/cgroups/devices.txt how to use
those.
Lennart
--
Lennart Poettering - Red Hat, Inc.
More information about the systemd-devel
mailing list