[Devel] [PATCH RHEL7 COMMIT] ve/proc: allow to set oom_score_adj from inside a container
Konstantin Khorenko
khorenko at virtuozzo.com
Mon Jun 8 09:10:17 PDT 2015
The commit is pushed to "branch-rh7-3.10.0-123.1.2-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-123.1.2.vz7.5.11
------>
commit cf229e8532be8bfe7b48dcd789df51a604adfc0f
Author: Vladimir Davydov <vdavydov at parallels.com>
Date: Mon Jun 8 20:10:17 2015 +0400
ve/proc: allow to set oom_score_adj from inside a container
Series description:
This patch /proc/PID/{oom_score_adj,oom_adj,oom_score} behavior inside a
CT, resurrecting /proc/vz/oom_score_adj along the way. For more details,
see individual patches.
https://jira.sw.ru/browse/PSBM-33849
====================================================================
This patch description:
This security check in oom_score_adj_write was misplaced during the
rebase to RH7. Originally it targeted at oom_adj_write. However, instead
of moving it to oom_adj_write I completely remove it, because there is
absolutely no reason to forbid setting oom_adj while allowing to tweak
oom_score_adj, because the former is just a legacy API for the latter.
Anyway, with the previous patch applied it is safe to allow a container
to set oom_score_adj/oom_adj, because their values are only relevant to
local OOM, while on system-wide OOM they are simply ignored.
Signed-off-by: Vladimir Davydov <vdavydov at parallels.com>
Acked-by: Andrew Vagin <avagin at odin.com>
---
fs/proc/base.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/fs/proc/base.c b/fs/proc/base.c
index ef44051..08d4a62 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1092,8 +1092,6 @@ static ssize_t oom_score_adj_write(struct file *file, const char __user *buf,
err = -EINVAL;
goto out;
}
- if (!ve_is_super(get_exec_env()))
- goto out;
task = get_proc_task(file_inode(file));
if (!task) {
More information about the Devel
mailing list