[Devel] [PATCH RHEL7 COMMIT] ve/tty: Use ve_capable in vhangup syscall
Konstantin Khorenko
khorenko at virtuozzo.com
Thu Oct 8 01:52:14 PDT 2015
The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.8.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.8.4
------>
commit 19dfba5f529f807de085534b8c7ff048007bf514
Author: Cyrill Gorcunov <gorcunov at virtuozzo.com>
Date: Thu Oct 8 12:52:13 2015 +0400
ve/tty: Use ve_capable in vhangup syscall
In centos6 template uses mingetty as a login utility which
calls for vhangup() syscall on startup. And both vanilla
kernel and pcs7 now uses general capable() helper which is
referred to init_user_ns regardless of which caps we setup
for VE itself (the libvzctl sets up CAP_SYS_TTY_CONFIG
properly for ve it simply is not taken into account here)
so the syscall exits with -EPERM causing mingetty to respawn
again and again.
Thus use ve_capable helper instead.
(FWIW in pcs6 we don't have such problem because capable()
helper refers to current_cred directly).
https://jira.sw.ru/browse/PSBM-40053
Signed-off-by: Cyrill Gorcunov <gorcunov at virtuozzo.com>
CC: Vladimir Davydov <vdavydov at virtuozzo.com>
CC: Konstantin Khorenko <khorenko at virtuozzo.com>
CC: Igor Sukhih <igor at parallels.com>
---
fs/open.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/open.c b/fs/open.c
index ffb50fa..b61e3db 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -1115,7 +1115,7 @@ EXPORT_SYMBOL(sys_close);
*/
SYSCALL_DEFINE0(vhangup)
{
- if (capable(CAP_SYS_TTY_CONFIG)) {
+ if (ve_capable(CAP_SYS_TTY_CONFIG)) {
tty_vhangup_self();
return 0;
}
More information about the Devel
mailing list