[Devel] [PATCH RHEL7 COMMIT] ve/fs: allow to remount from ve user ns
Konstantin Khorenko
khorenko at virtuozzo.com
Tue Oct 20 02:19:19 PDT 2015
The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.8.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.8.8
------>
commit 356b6dafe49e64d3a4a73494dc295ca78e2cc8ae
Author: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Date: Tue Oct 20 13:19:19 2015 +0400
ve/fs: allow to remount from ve user ns
Docker 1.9.0-rc1+ makes bind mounts for cgroups; in a non-privileged
container it remounts the cgroup root (/sys/fs/cgroup) tmpfs read-only.
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Reviewed-by: Vladimir Davydov <vdavydov at virtuozzo.com>
---
fs/namespace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 1377488..8909c13 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1994,7 +1994,7 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
down_write(&sb->s_umount);
if (flags & MS_BIND)
err = change_mount_flags(path->mnt, flags);
- else if (!capable(CAP_SYS_ADMIN))
+ else if (!ve_capable(CAP_SYS_ADMIN))
err = -EPERM;
else
err = do_check_and_remount_sb(sb, flags, data);
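Review bot: the relaxed check at `else if (!ve_capable(CAP_SYS_ADMIN))` covers every non-MS_BIND remount, not only the cgroup tmpfs case named in the commit message, and the branch it guards hands `flags` and the caller-supplied `data` to `do_check_and_remount_sb(sb, flags, data)`, which operates on the superblock `sb` rather than on the single mount in `path->mnt`. Nothing visible in this hunk shows what keeps a container's root from changing options on a superblock that is also mounted on the host or in another container. Please state in the commit message, or in a comment above the check, which test inside do_check_and_remount_sb enforces that boundary, or narrow the condition so that it only applies to superblocks mounted from within the ve.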