[Devel] [PATCH 1/3] cred: add ve_capable to check capabilities relative to the current VE
Vladimir Davydov
vdavydov at parallels.com
Fri Aug 28 06:27:41 PDT 2015
On Fri, Aug 28, 2015 at 05:20:01PM +0400, Andrew Vagin wrote:
> +bool ve_capable(int cap)
> +{
> + return ns_capable(get_exec_env()->init_cred->user_ns, cap);
> +}
init_cred is set in ve_grab_context, which means that if a task
occasionally uses ve_capable() before writing START to ve.state, the
kernel will panic. Please add a sanity check, which will make
ve_capable() fall back on capable() if init_cred is not available.
More information about the Devel
mailing list