[Devel] [PATCH RHEL COMMIT] ve/kernel: allow to increase rlimit from inside container
Konstantin Khorenko
khorenko at virtuozzo.com
Fri Sep 24 14:50:17 MSK 2021
The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after ark-5.14
------>
commit ee29c89469aa3659227af2806b4c196f19fdd4f9
Author: Vladimir Davydov <vdavydov.dev at gmail.com>
Date: Fri Sep 24 14:50:17 2021 +0300
ve/kernel: allow to increase rlimit from inside container
This works on PCS6, so we should allow it on Vz7 either.
https://jira.sw.ru/browse/PSBM-43410
Signed-off-by: Vladimir Davydov <vdavydov at virtuozzo.com>
https://jira.sw.ru/browse/PSBM-133986
(cherry picked from commit 23eff01c369131f7e4cab1c37de1c253266d5039)
Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn at virtuozzo.com>
---
kernel/sys.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/sys.c b/kernel/sys.c
index ef1a78f5d71c..cc01e2d60e08 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -61,6 +61,7 @@
#include <linux/rcupdate.h>
#include <linux/uidgid.h>
#include <linux/cred.h>
+#include <linux/ve.h>
#include <linux/nospec.h>
@@ -1587,7 +1588,7 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource,
/* Keep the capable check against init_user_ns until
cgroups can contain all limits */
if (new_rlim->rlim_max > rlim->rlim_max &&
- !capable(CAP_SYS_RESOURCE))
+ !ve_capable(CAP_SYS_RESOURCE))
retval = -EPERM;
if (!retval)
retval = security_task_setrlimit(tsk, resource, new_rlim);
More information about the Devel
mailing list