[Devel] [PATCH rh7] proc: Use ve_capable() in oom_score_adj_write()

[Kirill Tkhai]

Priviliged processes inside VE should be able
to configure /proc/$PID/oom_score_adj. But they can't
since we use user_ns, and they do not have CAP_SYS_RESOURCE
in init_user_ns.

Use ve_capable() instead.

https://jira.sw.ru/browse/PSBM-40359

Signed-off-by: Kirill Tkhai <ktkhai at odin.com>
---
 fs/proc/base.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/proc/base.c b/fs/proc/base.c
index b574498..57df314 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1109,7 +1109,7 @@ static ssize_t oom_score_adj_write(struct file *file, const char __user *buf,
 	}
 
 	if ((short)oom_score_adj < task->signal->oom_score_adj_min &&
-			!capable(CAP_SYS_RESOURCE)) {
+			!ve_capable(CAP_SYS_RESOURCE)) {
 		err = -EACCES;
 		goto err_sighand;
 	}