summaryrefslogtreecommitdiff
path: root/src/core/dbus-cgroup.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-02-22 02:47:29 +0100
committerLennart Poettering <lennart@poettering.net>2014-02-22 03:05:34 +0100
commit90060676c442604780634c0a993e3f9c3733f8e6 (patch)
treeb9a4ea6ffee5bcffdf63f3034f7c460f5559c30f /src/core/dbus-cgroup.c
parent1620510ada018f1e1f0be114714826f6698501f2 (diff)
cgroup: Extend DeviceAllow= syntax to whitelist groups of devices, not just particular devices nodes
Diffstat (limited to 'src/core/dbus-cgroup.c')
-rw-r--r--src/core/dbus-cgroup.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
index 792f37eef5..b8a77254d9 100644
--- a/src/core/dbus-cgroup.c
+++ b/src/core/dbus-cgroup.c
@@ -442,8 +442,11 @@ int bus_cgroup_set_property(
while ((r = sd_bus_message_read(message, "(ss)", &path, &rwm)) > 0) {
- if (!path_startswith(path, "/dev"))
- return sd_bus_error_set_errnof(error, EINVAL, "DeviceAllow= requires device node");
+ if ((!startswith(path, "/dev/") &&
+ !startswith(path, "block-") &&
+ !startswith(path, "char-")) ||
+ strpbrk(path, WHITESPACE))
+ return sd_bus_error_set_errnof(error, EINVAL, "DeviceAllow= requires device node");
if (isempty(rwm))
rwm = "rwm";