[Devel] [PATCH RH9 05/16] ve/sysctl/pidns: allow to change sysctl "ns_last_pid" from containers
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Tue Sep 28 15:40:55 MSK 2021
From: Andrew Vagin <avagin at openvz.org>
ns_last_pid belongs to pidns, so it's safe.
Signed-off-by: Andrew Vagin <avagin at openvz.org>
(cherry picked from commit 7a98fd7389e05adeed6b1dba2766066b06db8992)
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
(cherry picked from vz8 commit 290b207fd39e94781e99dd3f8d2fbe35e64be81f)
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
kernel/pid_namespace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
index 51897deed16e..93d3ef4ee88f 100644
--- a/kernel/pid_namespace.c
+++ b/kernel/pid_namespace.c
@@ -292,7 +292,7 @@ static struct ctl_table pid_ns_ctl_table[] = {
{
.procname = "ns_last_pid",
.maxlen = sizeof(int),
- .mode = 0666, /* permissions are checked in the handler */
+ .mode = 0666 | S_ISVTX, /* permissions are checked in the handler */
.proc_handler = pid_ns_ctl_handler,
.extra1 = SYSCTL_ZERO,
.extra2 = &pid_max,
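Review bot: On the changed `.mode` line, nothing in the hunk or the commit message says what `S_ISVTX` means in a sysctl table entry, and the unchanged comment "permissions are checked in the handler" now sits beside a flag it does not explain. Extend the comment to state that the bit is what exposes the entry for writing from containers, for example `/* S_ISVTX: writable from a VE; permissions are checked in the handler */`. The commit message justifies the change only with "belongs to pidns, so it's safe"; since the mode stays world-writable at 0666, it would help to name the check in `pid_ns_ctl_handler` that the safety claim relies on, so that a later change to the handler is reviewed with container access in mind.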
--
2.31.1