[Devel] [PATCH RHEL7 COMMIT] ve/fs/locks: Make CAP_LEASE work in containers
Konstantin Khorenko
khorenko at virtuozzo.com
Fri Apr 29 06:39:25 PDT 2016
The commit is pushed to "branch-rh7-3.10.0-327.10.1.vz7.12.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.10.1.vz7.12.15
------>
commit 0944de0f22af4201224b2469647808352330a2a0
Author: Evgenii Shatokhin <eshatokhin at virtuozzo.com>
Date: Fri Apr 29 17:39:25 2016 +0400
ve/fs/locks: Make CAP_LEASE work in containers
Allowing the privileged processes in the containers to set leases on
arbitrary files seems to make no harm. Let us make CAP_LEASE work there.
https://jira.sw.ru/browse/PSBM-46199
Signed-off-by: Evgenii Shatokhin <eshatokhin at virtuozzo.com>
Acked-by: Cyrill Gorcunov <gorcunov at openvz.org>
---
fs/locks.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/locks.c b/fs/locks.c
index 93c097b..82e9bc3 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -1693,7 +1693,7 @@ int generic_setlease(struct file *filp, long arg, struct file_lock **flp,
struct inode *inode = dentry->d_inode;
int error;
- if ((!uid_eq(current_fsuid(), inode->i_uid)) && !capable(CAP_LEASE))
+ if ((!uid_eq(current_fsuid(), inode->i_uid)) && !ve_capable(CAP_LEASE))
return -EACCES;
if (!S_ISREG(inode->i_mode))
return -EINVAL;
More information about the Devel
mailing list