[Devel] [PATCH] fs/locks: Make CAP_LEASE work in containers
Evgenii Shatokhin
eshatokhin at virtuozzo.com
Tue Apr 26 00:29:34 PDT 2016
26.04.2016 09:30, Konstantin Khorenko пишет:
> Evgenii, please put a reviewer in CC.
I do not know whom to ask for a review this time, so I just sent the
patch to devel at openvz.org.
Any suggestions?
>
> --
> Best regards,
>
> Konstantin Khorenko,
> Virtuozzo Linux Kernel Team
>
> On 04/25/2016 06:22 PM, Evgenii Shatokhin wrote:
>> https://jira.sw.ru/browse/PSBM-46199
>>
>> Allowing the privileged processes in the containers to set leases on
>> arbitrary files seems to make no harm. Let us make CAP_LEASE work there.
>>
>> Signed-off-by: Evgenii Shatokhin <eshatokhin at virtuozzo.com>
>> ---
>> fs/locks.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/fs/locks.c b/fs/locks.c
>> index 93c097b..82e9bc3 100644
>> --- a/fs/locks.c
>> +++ b/fs/locks.c
>> @@ -1693,7 +1693,7 @@ int generic_setlease(struct file *filp, long
>> arg, struct file_lock **flp,
>> struct inode *inode = dentry->d_inode;
>> int error;
>>
>> - if ((!uid_eq(current_fsuid(), inode->i_uid)) && !capable(CAP_LEASE))
>> + if ((!uid_eq(current_fsuid(), inode->i_uid)) &&
>> !ve_capable(CAP_LEASE))
>> return -EACCES;
>> if (!S_ISREG(inode->i_mode))
>> return -EINVAL;
>>
> .
>
More information about the Devel
mailing list