devcg: prepare may_access() for hierarchy support
authorAristeu Rozanski <aris@redhat.com>
Fri, 15 Feb 2013 16:55:45 +0000 (11:55 -0500)
committerTejun Heo <tj@kernel.org>
Wed, 20 Mar 2013 14:50:13 +0000 (07:50 -0700)
commitc39a2a3018f8065cb5ea38b0314c1bbedb2cfa0d
treea930f23ff557c701e91e826940d37ad0c9b38fd0
parent26898fdff371d78f122cf15d8732d1d37f2d1338
devcg: prepare may_access() for hierarchy support

Currently may_access() is only able to verify if an exception is valid for the
current cgroup, which has the same behavior. With hierarchy, it'll be also used
to verify if a cgroup local exception is valid towards its cgroup parent, which
might have different behavior.

v2:
- updated patch description
- rebased on top of a new patch to expand the may_access() logic to make it
  more clear
- fixed argument description order in may_access()

Acked-by: Tejun Heo <tj@kernel.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Aristeu Rozanski <aris@redhat.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
security/device_cgroup.c