[Devel] [PATCH rh7 4/6] proc: allow to set oom_score_adj from inside a container

[Vladimir Davydov]

This security check in oom_score_adj_write was misplaced during the
rebase to RH7. Originally it targeted at oom_adj_write. However, instead
of moving it to oom_adj_write I completely remove it, because there is
absolutely no reason to forbid setting oom_adj while allowing to tweak
oom_score_adj, because the former is just a legacy API for the latter.

Anyway, with the previous patch applied it is safe to allow a container
to set oom_score_adj/oom_adj, because their values are only relevant to
local OOM, while on system-wide OOM they are simply ignored.

Signed-off-by: Vladimir Davydov <vdavydov at parallels.com>
---
 fs/proc/base.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 3f2b4d96fd25..25dc5279880c 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1093,8 +1093,6 @@ static ssize_t oom_score_adj_write(struct file *file, const char __user *buf,
 		err = -EINVAL;
 		goto out;
 	}
-	if (!ve_is_super(get_exec_env()))
-		goto out;
 
 	task = get_proc_task(file_inode(file));
 	if (!task) {
-- 
2.1.4