[Devel] [PATCH RH9 25/28] ve/time/ntp: allow CT ntp adjustment time tuning under VE_FEATURE_TIME feature

Andrey Zhadchenko andrey.zhadchenko at virtuozzo.com
Thu Oct 14 13:33:33 MSK 2021 

From: Konstantin Khorenko <khorenko at virtuozzo.com>

ntp service uses clock adjustment algorithm (sys_adjtimex()),
so allow it in a Container with VE_FEATURE_TIME feature assigned.

https://jira.sw.ru/browse/PSBM-94635
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>

https://jira.sw.ru/browse/PSBM-127846
(cherry-picked from vz7 commit dee0301a8848 ("ve/time/ntp: allow CT ntp
adjustment time tuning under VE_FEATURE_TIME feature"))
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>

(cherry picked from vz8 commit d0bba429c03cf20e4e344b12b8dd1c8d298b4575)
Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko at virtuozzo.com>
---
 kernel/time/timekeeping.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
index e5c4800..b7235ac 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -23,6 +23,8 @@
 #include <linux/compiler.h>
 #include <linux/audit.h>
 
+#include <uapi/linux/vzcalluser.h>
+
 #include "tick-internal.h"
 #include "ntp_internal.h"
 #include "timekeeping_internal.h"
@@ -2324,11 +2326,12 @@ static int timekeeping_validate_timex(const struct __kernel_timex *txc)
 		if (!(txc->modes & ADJ_OFFSET_SINGLESHOT))
 			return -EINVAL;
 		if (!(txc->modes & ADJ_OFFSET_READONLY) &&
-		    !capable(CAP_SYS_TIME))
+		    !feature_capable(VE_FEATURE_TIME, CAP_SYS_TIME))
 			return -EPERM;
 	} else {
 		/* In order to modify anything, you gotta be super-user! */
-		if (txc->modes && !capable(CAP_SYS_TIME))
+		if (txc->modes &&
+		    !feature_capable(VE_FEATURE_TIME, CAP_SYS_TIME))
 			return -EPERM;
 		/*
 		 * if the quartz is off by more than 10% then
@@ -2342,7 +2345,7 @@ static int timekeeping_validate_timex(const struct __kernel_timex *txc)
 
 	if (txc->modes & ADJ_SETOFFSET) {
 		/* In order to inject time, you gotta be super-user! */
-		if (!capable(CAP_SYS_TIME))
+		if (!feature_capable(VE_FEATURE_TIME, CAP_SYS_TIME))
 			return -EPERM;
 
 		/*
-- 
1.8.3.1

More information about the Devel mailing list