[Devel] [PATCH RHEL9 COMMIT] ve/time/ntp: allow CT ntp adjustment time tuning under VE_FEATURE_TIME feature

Konstantin Khorenko khorenko at virtuozzo.com
Wed Oct 20 11:40:48 MSK 2021 

The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh9-5.14.0-4.vz9.10.12
------>
commit 7313142ce3326582174261624cc2e381d8fd6729
Author: Konstantin Khorenko <khorenko at virtuozzo.com>
Date:   Wed Oct 20 11:40:48 2021 +0300

    ve/time/ntp: allow CT ntp adjustment time tuning under VE_FEATURE_TIME feature
    
    ntp service uses clock adjustment algorithm (sys_adjtimex()),
    so allow it in a Container with VE_FEATURE_TIME feature assigned.
    
    https://jira.sw.ru/browse/PSBM-94635
    Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
    
    https://jira.sw.ru/browse/PSBM-127846
    (cherry-picked from vz7 commit dee0301a8848 ("ve/time/ntp: allow CT ntp
    adjustment time tuning under VE_FEATURE_TIME feature"))
    Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
    
    (cherry picked from vz8 commit d0bba429c03cf20e4e344b12b8dd1c8d298b4575)
    Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko at virtuozzo.com>
---
 kernel/time/timekeeping.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
index e5c4800447d7..b7235ac3b95e 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -23,6 +23,8 @@
 #include <linux/compiler.h>
 #include <linux/audit.h>
 
+#include <uapi/linux/vzcalluser.h>
+
 #include "tick-internal.h"
 #include "ntp_internal.h"
 #include "timekeeping_internal.h"
@@ -2324,11 +2326,12 @@ static int timekeeping_validate_timex(const struct __kernel_timex *txc)
 		if (!(txc->modes & ADJ_OFFSET_SINGLESHOT))
 			return -EINVAL;
 		if (!(txc->modes & ADJ_OFFSET_READONLY) &&
-		    !capable(CAP_SYS_TIME))
+		    !feature_capable(VE_FEATURE_TIME, CAP_SYS_TIME))
 			return -EPERM;
 	} else {
 		/* In order to modify anything, you gotta be super-user! */
-		if (txc->modes && !capable(CAP_SYS_TIME))
+		if (txc->modes &&
+		    !feature_capable(VE_FEATURE_TIME, CAP_SYS_TIME))
 			return -EPERM;
 		/*
 		 * if the quartz is off by more than 10% then
@@ -2342,7 +2345,7 @@ static int timekeeping_validate_timex(const struct __kernel_timex *txc)
 
 	if (txc->modes & ADJ_SETOFFSET) {
 		/* In order to inject time, you gotta be super-user! */
-		if (!capable(CAP_SYS_TIME))
+		if (!feature_capable(VE_FEATURE_TIME, CAP_SYS_TIME))
 			return -EPERM;
 
 		/*

More information about the Devel mailing list