[Devel] [PATCH] cred: add ve_capable to check capabilities relative to the current VE (v2)

Vladimir Davydov vdavydov at parallels.com
Tue Sep 1 06:46:10 PDT 2015


On Tue, Sep 01, 2015 at 04:59:59PM +0400, Andrew Vagin wrote:
> We want to allow a few operations in VE. Currently we use nsown_capable,
> but it's wrong, because in this case we allow these operations in any
> user namespace.
> 
> v2: take ve0->cred if the currect ve isn't running
> 
> Signed-off-by: Andrew Vagin <avagin at openvz.org>

Reviewed-by: Vladimir Davydov <vdavydov at parallels.com>



More information about the Devel mailing list