Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cmd/libsnap-confine-private: move device cgroup files, add helper to deny a device #10576

Merged
merged 4 commits into from
Aug 5, 2021
Merged

cmd/libsnap-confine-private: move device cgroup files, add helper to deny a device #10576

merged 4 commits into from
Aug 5, 2021

Conversation

bboozzoo
Copy link
Collaborator

Preparation for reimplementation of snap-device-helper and more device cgroup changes

@bboozzoo
cmd/snap-confine: move cgroup support to separate files
9bcf57b 
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
@bboozzoo
cmd/snap-confine: move device cgroup support to libsnap-confine-private
4ef45a4 
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
@bboozzoo
cmd/libsnap-confine-private: helper to deny a device in device cgroup…
b1756d6 
… (v1)

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
@bboozzoo bboozzoo added cgroupv2 Needs security review Can only be merged once security gave a :+1: Security-High labels Jul 29, 2021
@bboozzoo bboozzoo mentioned this pull request Jul 29, 2021
Merged
mvo5
mvo5 approved these changes Jul 29, 2021
View reviewed changes
Copy link
Contributor

@mvo5 mvo5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you. The first two commits just move code around and the changes in the last one look fine.

cmd/libsnap-confine-private/device-cgroup-support.c
@@ -136,6 +144,16 @@ int sc_device_cgroup_allow(sc_device_cgroup *self, int kind, int major, int mino
return 0;
}

int sc_device_cgroup_deny(sc_device_cgroup *self, int kind, int major, int minor) {
if (kind != S_IFCHR && kind != S_IFBLK) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this new check

stolowski
stolowski approved these changes Jul 30, 2021
View reviewed changes
Copy link
Contributor

@stolowski stolowski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

mardy
mardy approved these changes Aug 2, 2021
View reviewed changes
Copy link
Contributor

@mardy mardy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

alexmurray
alexmurray approved these changes Aug 4, 2021
View reviewed changes
Copy link
Collaborator

@alexmurray alexmurray left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@alexmurray alexmurray removed Needs security review Can only be merged once security gave a :+1: Security-High labels Aug 4, 2021
@mvo5 mvo5 merged commit 58504e3 into snapcore:master Aug 5, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexmurray alexmurray alexmurray approved these changes

@mardy mardy mardy approved these changes

@stolowski stolowski stolowski approved these changes

@mvo5 mvo5 mvo5 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
5 participants
@bboozzoo @alexmurray @mardy @stolowski @mvo5