[Devel] [PATCH rh7] autofs: fix capability check in _autofs_dev_ioctl()
Stanislav Kinsburskiy
skinsbursky at virtuozzo.com
Mon Nov 9 09:18:51 PST 2015
Allow /dev/autofs ioctl's in a container.
To enable AutoFS support in a container, the following have to be performed:
1) Allow "/dev/autofs" device in a container:
echo "c 10:235 rwm" > /sys/fs/cgroup/devices/CTID/devices.allow
2) Create device node in container via tmpfiles.d:
# cat /etc/tmpfiles.d/device-autofs.conf
c /dev/autofs 0700 root root - 10:235
Jira: https://jira.sw.ru/browse/PSBM-26968
Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
---
fs/autofs4/dev-ioctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/autofs4/dev-ioctl.c b/fs/autofs4/dev-ioctl.c
index 6ed2fbf..c68dc86 100644
--- a/fs/autofs4/dev-ioctl.c
+++ b/fs/autofs4/dev-ioctl.c
@@ -611,7 +611,7 @@ static int _autofs_dev_ioctl(unsigned int command, struct autofs_dev_ioctl __use
int err = 0;
/* only root can play with this */
- if (!capable(CAP_SYS_ADMIN))
+ if (!ve_capable(CAP_SYS_ADMIN))
return -EPERM;
cmd_first = _IOC_NR(AUTOFS_DEV_IOCTL_IOC_FIRST);
More information about the Devel
mailing list