Skip to content
This repository has been archived by the owner on May 12, 2021. It is now read-only.

Explicitly deny any access to the nvdimm root partition #791

Closed
amshinde opened this issue Jun 3, 2020 · 0 comments · Fixed by #792
Closed

Explicitly deny any access to the nvdimm root partition #791

amshinde opened this issue Jun 3, 2020 · 0 comments · Fixed by #792
Labels
bug Incorrect behaviour needs-review Needs to be assessed by the team.

Comments

@amshinde
Copy link
Member

amshinde commented Jun 3, 2020

Explicitly deny any access to the nvdimm root partition by adding the nvdimm device to the device cgroup.
@amshinde amshinde added bug Incorrect behaviour needs-review Needs to be assessed by the team. labels Jun 3, 2020
amshinde added a commit to amshinde/agent-1 that referenced this issue Jun 3, 2020
@amshinde
device: Do not allow container access to the nvdimm rootfs
75e275f 
With this change, a container is not longer given access to
the underlying nvdimm root partition.
This is done by explicitly adding the nvdimm root partition
to the device cgroup of the container.

Fixes kata-containers#791

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
@amshinde amshinde mentioned this issue Jun 3, 2020
Merged
amshinde added a commit to amshinde/agent-1 that referenced this issue Jun 3, 2020
@amshinde
device: Do not allow container access to the nvdimm rootfs
a88af32 
With this change, a container is not longer given access to
the underlying nvdimm root partition.
This is done by explicitly adding the nvdimm root partition
to the device cgroup of the container.

Fixes kata-containers#791

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
amshinde added a commit to amshinde/agent-1 that referenced this issue Jun 3, 2020
@amshinde
device: Do not allow container access to the nvdimm rootfs
2590fe1 
With this change, a container is not longer given access to
the underlying nvdimm root partition.
This is done by explicitly adding the nvdimm root partition
to the device cgroup of the container.

Fixes kata-containers#791

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
(cherry picked from commit a88af32)
amshinde added a commit to amshinde/agent-1 that referenced this issue Jun 3, 2020
@amshinde
device: Do not allow container access to the nvdimm rootfs
b863695 
With this change, a container is not longer given access to
the underlying nvdimm root partition.
This is done by explicitly adding the nvdimm root partition
to the device cgroup of the container.

Fixes kata-containers#791

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
(cherry picked from commit a88af32)
@amshinde amshinde mentioned this issue Jun 3, 2020
Merged
amshinde added a commit to amshinde/agent-1 that referenced this issue Jun 3, 2020
@amshinde
device: Do not allow container access to the nvdimm rootfs
faec7c3 
With this change, a container is not longer given access to
the underlying nvdimm root partition.
This is done by explicitly adding the nvdimm root partition
to the device cgroup of the container.

Fixes kata-containers#791

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
(cherry picked from commit a88af32)
@amshinde amshinde mentioned this issue Jun 3, 2020
Merged
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Assignees
No one assigned
Labels
bug Incorrect behaviour needs-review Needs to be assessed by the team.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

device: Do not allow container access to the nvdimm rootfs amshinde/agent-1
1 participant
@amshinde