[Devel] [PATCH 2/3] ve: revise permissions to allow mount smth
Andrew Vagin
avagin at openvz.org
Fri Aug 28 06:20:02 PDT 2015
Return back to the behavior of the upstream kernel.
Currently we use mount namespaces and need nothing special here.
Signed-off-by: Andrew Vagin <avagin at openvz.org>
---
fs/namespace.c | 4 +---
1 files changed, 1 insertions(+), 3 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 593b262..77a1ede 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1306,9 +1306,7 @@ static int do_umount(struct mount *mnt, int flags)
*/
static inline bool may_mount(void)
{
- return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN) ||
- nsown_capable(CAP_SYS_ADMIN) ||
- nsown_capable(CAP_VE_SYS_ADMIN);
+ return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN);
}
/*
--
1.7.1
More information about the Devel
mailing list