[Devel] [PATCH rh7 0/3] ve/time: allow date/time management from trusted Containers
Andrey Ryabinin
aryabinin at virtuozzo.com
Fri May 24 17:47:42 MSK 2019
On 5/24/19 2:32 PM, Konstantin Khorenko wrote:
> There is a need to run ntp service inside trusted Containers,
> so let's introduce an appropriate feature for that.
>
> Note: date/time is NOT virtualized, so the Container with such a feature can
> change global date/time for the Hardware Node and all hosted Containers.
>
> https://jira.sw.ru/browse/PSBM-94635
>
> Konstantin Khorenko (3):
> ve/capability: introduce capable() wrapper which honors CT features
> ve/time: introduce CT feature to allow setting date/time
> ve/time/ntp: allow CT ntp adjustment time tuning under VE_FEATURE_TIME
> feature
>
> include/linux/capability.h | 1 +
> include/uapi/linux/vzcalluser.h | 1 +
> kernel/capability.c | 13 +++++++++++++
> kernel/time/ntp.c | 10 +++++++---
> security/commoncap.c | 4 +++-
> 5 files changed, 25 insertions(+), 4 deletions(-)
>
Reviewed-by: Andrey Ryabinin <aryabinin at virtuozzo.com>
More information about the Devel
mailing list