[Devel] [PATCH RHEL7 COMMIT] ve/autofs: allow /dev/autofs ioctl's in a Container
Konstantin Khorenko
khorenko at virtuozzo.com
Wed Nov 11 06:54:50 PST 2015
The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.9.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.9.8
------>
commit f36c58cad299b1f1ad202ea6b5bc9185b34db80a
Author: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
Date: Wed Nov 11 18:54:50 2015 +0400
ve/autofs: allow /dev/autofs ioctl's in a Container
fix capability check in _autofs_dev_ioctl()
To enable AutoFS support in a container, the following have to be performed:
1) Allow "/dev/autofs" device in a container:
echo "c 10:235 rwm" > /sys/fs/cgroup/devices/CTID/devices.allow
2) Create device node in container via tmpfiles.d:
# cat /etc/tmpfiles.d/device-autofs.conf
c /dev/autofs 0700 root root - 10:235
https://jira.sw.ru/browse/PSBM-26968
Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
---
fs/autofs4/dev-ioctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/autofs4/dev-ioctl.c b/fs/autofs4/dev-ioctl.c
index 6ed2fbf..c68dc86 100644
--- a/fs/autofs4/dev-ioctl.c
+++ b/fs/autofs4/dev-ioctl.c
@@ -611,7 +611,7 @@ static int _autofs_dev_ioctl(unsigned int command, struct autofs_dev_ioctl __use
int err = 0;
/* only root can play with this */
- if (!capable(CAP_SYS_ADMIN))
+ if (!ve_capable(CAP_SYS_ADMIN))
return -EPERM;
cmd_first = _IOC_NR(AUTOFS_DEV_IOCTL_IOC_FIRST);
More information about the Devel
mailing list