cgroup-device test


The devices subsystem allows or denies access to devices by tasks in a cgroup.

devices.allow
   Specifies devices to which tasks in a cgroup have access. Each entry has four fields: type, major, minor, and access. The values used in the type, major, and minor fields correspond to device types and node numbers specified in Linux Allocated Devices.

   type
      type can have one of the following three values:
         a — applies to all devices, both character devices and block devices
         b — specifies a block device
         c — specifies a character device

   major, minor
      major and minor are device node numbers specified by Linux Allocated Devices. The major and minor numbers are separated by a colon. For example, 8 is the major number that specifies SCSI disk drives, and the minor number 1 specifies the first partition on the first SCSI disk drive; therefore 8:1 fully specifies this partition, corresponding to a file system location of /dev/sda1.
      * can stand for all major or all minor device nodes, for example 9:* (all RAID devices) or *:* (all devices).

   access
      access is a sequence of one or more of the following letters:
         r — allows tasks to read from the specified device
         w — allows tasks to write to the specified device
         m — allows tasks to create device files that do not yet exist
      For example, when access is specified as r, tasks can only read from the specified device, but when access is specified as rw, tasks can read from and write to the device.

devices.deny
   Specifies devices that tasks in a cgroup cannot access. The syntax of entries is identical to devices.allow.

Create a directory named first under the /devices/cgroup directory (/sys/fs/cgroup/devices in the session below) and deny read access to a device.
root@ubuntu:/sys/fs/cgroup/devices# mkdir first

root@ubuntu:/sys/fs/cgroup/devices/first# echo "a 1:5 r" > devices.deny

Run the following in another terminal:
root@ubuntu:~# cgexec -g devices:first dd if=/dev/zero of=zero bs=1M count=128 &

The following message is displayed:
[1] 8973
root@ubuntu:~# dd:  "/dev/zero":
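
The entry format and the deny test above can be modelled offline. The following is an added example, not part of the original post: the function names valid_entry and denies are hypothetical and the requests are constructed. The handling of type a (every device is denied and the fields after it are not consulted) is an assumption based on cgroup v1 kernel behaviour.

```shell
#!/bin/sh
# Added illustration: models one "type major:minor access" entry as described
# above. It never touches /sys/fs/cgroup, so it runs without root.

# valid_entry ENTRY -> exit 0 if ENTRY is well formed.
valid_entry() {
    set -f; set -- $1; set +f          # split on spaces, keep "*" literal
    [ $# -eq 3 ] || return 1
    case $1 in a|b|c) ;; *) return 1 ;; esac
    case $2 in *:*) ;; *) return 1 ;; esac
    for n in "${2%%:*}" "${2#*:}"; do  # major, then minor
        case $n in '*') ;; ''|*[!0-9]*) return 1 ;; esac
    done
    case $3 in *[!rwm]*) return 1 ;; esac
}

# denies ENTRY TYPE MAJOR MINOR ACCESS -> exit 0 if a devices.deny ENTRY blocks
# ACCESS (letters from r, w, m) on node TYPE (b or c) MAJOR:MINOR; 2 if invalid.
denies() {
    valid_entry "$1" || return 2
    set -f; set -- $1 "$2" "$3" "$4" "$5"; set +f
    # Now: $1 type, $2 major:minor, $3 access (entry); $4..$7 the request.
    # Assumption (cgroup v1 kernel behaviour): for type a the remaining fields
    # are not consulted and every device is denied.
    [ "$1" = a ] && return 0
    [ "$1" = "$4" ] || return 1
    [ "${2%%:*}" = '*' ] || [ "${2%%:*}" -eq "$5" ] || return 1
    [ "${2#*:}" = '*' ] || [ "${2#*:}" -eq "$6" ] || return 1
    case $7 in *[$3]*) return 0 ;; esac  # any shared access letter is blocked
    return 1
}

# Constructed requests: read /dev/zero (c 1:5), write /dev/null (c 1:3),
# read /dev/sda1 (b 8:1).
for entry in "a 1:5 r" "c 1:5 r" "b 8:* rw"; do
    for req in "c 1 5 r" "c 1 3 w" "b 8 1 r"; do
        if denies "$entry" $req; then verdict=denied; else verdict=allowed; fi
        printf 'deny "%s" -> request %s: %s\n' "$entry" "$req" "$verdict"
    done
done
```

In this model, "c 1:5 r" blocks only reads of /dev/zero, whereas "a 1:5 r" as written in the test blocks every request.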