[Devel] [PATCH RHEL7 COMMIT] ve/proc: Use ve_capable() in oom_score_adj_write()
Konstantin Khorenko
khorenko at virtuozzo.com
Tue Oct 20 08:01:57 PDT 2015
The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.9.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.8.9
------>
commit ada22ff01dd731869dd3a64d900e30f2be14f902
Author: Kirill Tkhai <ktkhai at odin.com>
Date: Tue Oct 20 19:01:57 2015 +0400
ve/proc: Use ve_capable() in oom_score_adj_write()
Privileged processes inside VE should be able
to configure /proc/$PID/oom_score_adj. But they can't
since we use user_ns, and they do not have CAP_SYS_RESOURCE
in init_user_ns.
Use ve_capable() instead.
https://jira.sw.ru/browse/PSBM-40359
Signed-off-by: Kirill Tkhai <ktkhai at odin.com>
Reviewed-by: Vladimir Davydov <vdavydov at virtuozzo.com>
---
fs/proc/base.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/proc/base.c b/fs/proc/base.c
index b5f3a70..b597b01 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1109,7 +1109,7 @@ static ssize_t oom_score_adj_write(struct file *file, const char __user *buf,
}
if ((short)oom_score_adj < task->signal->oom_score_adj_min &&
- !capable(CAP_SYS_RESOURCE)) {
+ !ve_capable(CAP_SYS_RESOURCE)) {
err = -EACCES;
goto err_sighand;
}
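Review bot: In the `!ve_capable(CAP_SYS_RESOURCE)` condition of oom_score_adj_write(), the capability is evaluated for the writing process only, while the value being lowered belongs to `task`; neither the hunk nor the commit message says what keeps `task` inside the writer's VE. Please name in the commit message, or in a short comment above the check, the earlier check that guarantees this, and state that letting a VE-privileged process go below `task->signal->oom_score_adj_min` is intended. A one-line comment on why `ve_capable()` is used here instead of `capable()` would also help, since the reason (user_ns, no CAP_SYS_RESOURCE in init_user_ns) currently lives only in the commit message.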