[Devel] [PATCH RH7] fs: allow to remount from ve user ns
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Mon Oct 19 06:38:00 PDT 2015
Docker 1.9.0-rc1+ makes bind mounts for cgroups; in a non-privileged
container it remounts the cgroup root (/sys/fs/cgroup) tmpfs read-only.
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
fs/namespace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 1377488..8909c13 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1994,7 +1994,7 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
down_write(&sb->s_umount);
if (flags & MS_BIND)
err = change_mount_flags(path->mnt, flags);
- else if (!capable(CAP_SYS_ADMIN))
+ else if (!ve_capable(CAP_SYS_ADMIN))
err = -EPERM;
else
err = do_check_and_remount_sb(sb, flags, data);
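Review bot: The relaxed check on the non-MS_BIND branch now lets CAP_SYS_ADMIN inside a container reach do_check_and_remount_sb(sb, flags, data), which acts on the whole superblock rather than on a single mount, and nothing visible in this hunk ties sb to the calling container. The commit message motivates only the tmpfs at /sys/fs/cgroup, but as written the branch applies to any superblock visible in the container's mount namespace, including one shared with the host or with another container, and the caller also controls flags and data. If do_check_and_remount_sb() already limits which superblocks or options a container may change, please say so in the commit message or in a comment next to the ve_capable() call. Otherwise, keep capable(CAP_SYS_ADMIN) as the default and allow ve_capable() only when the superblock was mounted from within the same container or belongs to a filesystem type explicitly allowed for containers.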
--
1.9.3