[Devel] [PATCH RH9 02/11] ve/kernel: allow to increase rlimit from inside container
Alexander Mikhalitsyn
alexander.mikhalitsyn at virtuozzo.com
Thu Sep 23 18:02:26 MSK 2021
From: Vladimir Davydov <vdavydov at virtuozzo.com>
This works on PCS6, so we should allow it on Vz7 either.
https://jira.sw.ru/browse/PSBM-43410
Signed-off-by: Vladimir Davydov <vdavydov at virtuozzo.com>
https://jira.sw.ru/browse/PSBM-133986
(cherry picked from commit 23eff01c369131f7e4cab1c37de1c253266d5039)
Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn at virtuozzo.com>
---
kernel/sys.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/sys.c b/kernel/sys.c
index ef1a78f5d71c..cc01e2d60e08 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -61,6 +61,7 @@
#include <linux/rcupdate.h>
#include <linux/uidgid.h>
#include <linux/cred.h>
+#include <linux/ve.h>
#include <linux/nospec.h>
@@ -1587,7 +1588,7 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource,
/* Keep the capable check against init_user_ns until
cgroups can contain all limits */
if (new_rlim->rlim_max > rlim->rlim_max &&
- !capable(CAP_SYS_RESOURCE))
+ !ve_capable(CAP_SYS_RESOURCE))
retval = -EPERM;
if (!retval)
retval = security_task_setrlimit(tsk, resource, new_rlim);
--
2.31.1
More information about the Devel
mailing list