[Devel] [PATCH] fs/locks: Make CAP_LEASE work in containers
Konstantin Khorenko
khorenko at virtuozzo.com
Mon Apr 25 23:30:28 PDT 2016
Evgenii, please put a reviewer in CC.
--
Best regards,
Konstantin Khorenko,
Virtuozzo Linux Kernel Team
On 04/25/2016 06:22 PM, Evgenii Shatokhin wrote:
> https://jira.sw.ru/browse/PSBM-46199
>
> Allowing the privileged processes in the containers to set leases on
> arbitrary files seems to make no harm. Let us make CAP_LEASE work there.
>
> Signed-off-by: Evgenii Shatokhin <eshatokhin at virtuozzo.com>
> ---
> fs/locks.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/locks.c b/fs/locks.c
> index 93c097b..82e9bc3 100644
> --- a/fs/locks.c
> +++ b/fs/locks.c
> @@ -1693,7 +1693,7 @@ int generic_setlease(struct file *filp, long arg, struct file_lock **flp,
> struct inode *inode = dentry->d_inode;
> int error;
>
> - if ((!uid_eq(current_fsuid(), inode->i_uid)) && !capable(CAP_LEASE))
> + if ((!uid_eq(current_fsuid(), inode->i_uid)) && !ve_capable(CAP_LEASE))
> return -EACCES;
> if (!S_ISREG(inode->i_mode))
> return -EINVAL;
>
More information about the Devel
mailing list