[Devel] [PATCH RHEL COMMIT] ve/kernel: allow to increase rlimit from inside container

Fri Sep 24 14:50:17 MSK 2021

The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after ark-5.14
------>
commit ee29c89469aa3659227af2806b4c196f19fdd4f9
Author: Vladimir Davydov <vdavydov.dev at gmail.com>
Date:   Fri Sep 24 14:50:17 2021 +0300

    ve/kernel: allow to increase rlimit from inside container
    
    This works on PCS6, so we should allow it on Vz7 either.
    
    https://jira.sw.ru/browse/PSBM-43410
    
    Signed-off-by: Vladimir Davydov <vdavydov at virtuozzo.com>
    
    https://jira.sw.ru/browse/PSBM-133986
    
    (cherry picked from commit 23eff01c369131f7e4cab1c37de1c253266d5039)
    Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn at virtuozzo.com>
---
 kernel/sys.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kernel/sys.c b/kernel/sys.c
index ef1a78f5d71c..cc01e2d60e08 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -61,6 +61,7 @@
 #include <linux/rcupdate.h>
 #include <linux/uidgid.h>
 #include <linux/cred.h>
+#include <linux/ve.h>
 
 #include <linux/nospec.h>
 
@@ -1587,7 +1588,7 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource,
 		/* Keep the capable check against init_user_ns until
 		   cgroups can contain all limits */
 		if (new_rlim->rlim_max > rlim->rlim_max &&
-				!capable(CAP_SYS_RESOURCE))
+				!ve_capable(CAP_SYS_RESOURCE))
 			retval = -EPERM;
 		if (!retval)
 			retval = security_task_setrlimit(tsk, resource, new_rlim);
