[Devel] [PATCH RHEL7 COMMIT] ve: revise permissions to allow mount smth
Konstantin Khorenko
khorenko at virtuozzo.com
Tue Sep 8 01:47:01 PDT 2015
The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.8.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.6.8
------>
commit 68cf9d3cff9993ae2793c53661721b89d1b2895b
Author: Andrew Vagin <avagin at openvz.org>
Date: Tue Sep 8 12:47:01 2015 +0400
ve: revise permissions to allow mount smth
reverts commit
d492bfa387237 ("ve/vfs: allow mount/umount, pivot_root with CAP_VE_SYS_ADMIN")
Return back to the behavior of the upstream kernel.
Currently we use mount namespaces and need nothing special here.
https://jira.sw.ru/browse/PSBM-39077
Signed-off-by: Andrew Vagin <avagin at virtuozzo.com>
Reviewed-by: Vladimir Davydov <vdavydov at virtuozzo.com>
---
fs/namespace.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 593b262..77a1ede 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1306,9 +1306,7 @@ static int do_umount(struct mount *mnt, int flags)
*/
static inline bool may_mount(void)
{
- return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN) ||
- nsown_capable(CAP_SYS_ADMIN) ||
- nsown_capable(CAP_VE_SYS_ADMIN);
+ return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN);
}
/*
More information about the Devel
mailing list