On Sat, Jul 14, 2018 at 8:58 AM Todd Poynor <[email protected]> wrote:
>
> From: Todd Poynor <[email protected]>
>
> Always allow root to open device for writing.
>
> Drop special-casing of ioctl permissions for root vs. owner.
>
> Reported-by: Dmitry Torokhov <[email protected]>
> Signed-off-by: Zhongze Hu <[email protected]>
> Signed-off-by: Todd Poynor <[email protected]>

I think this patch is good as is, but as a followup you should create
a patch that supports user namespaces, i.e. replaces
capable(CAP_SYS_ADMIN) with ns_capable(...) in gasket_open() so you
can allow containers to control the device, if necessary.

Reviewed-by: Dmitry Torokhov <[email protected]>

Thanks,
Dmitry
_______________________________________________
devel mailing list
[email protected]
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
