[Devel] [PATCH RHEL8 COMMIT] ve/fs: allow to mknod inside a Container
Konstantin Khorenko
khorenko at virtuozzo.com
Wed Jan 22 18:07:17 MSK 2020
The commit is pushed to "branch-rh8-4.18.0-80.1.2.vz8.3.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-80.1.2.vz8.3.1
------>
commit f0a4b45fea16290100e8d9b7ab2fd39f2eb95347
Author: Konstantin Khorenko <khorenko at virtuozzo.com>
Date: Wed Jan 22 18:02:28 2020 +0300
ve/fs: allow to mknod inside a Container
See commit message of the 6fa346a6cacc ("ms/Revert "vfs: Allow userns
root to call mknod on owned filesystems."")
Despite that warning we always had such a behavior (mknod succeeds but
later open() can fail) and never had a problem because of that, so let it
be the same until we face the problem.
https://jira.sw.ru/browse/PSBM-100581
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
fs/namei.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/namei.c b/fs/namei.c
index 07ce37de342a..a131d90b46d4 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -3700,7 +3700,7 @@ int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
if (error)
return error;
- if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD))
+ if ((S_ISCHR(mode) || S_ISBLK(mode)) && !ve_capable(CAP_MKNOD))
return -EPERM;
if (!dir->i_op->mknod)
More information about the Devel
mailing list