[Devel] [PATCH RHEL COMMIT] ve/sysctl/ipc: mark as virtualized
Konstantin Khorenko
khorenko at virtuozzo.com
Tue Sep 28 19:31:05 MSK 2021
The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after ark-5.14
------>
commit d805c9d0d617e6fb8213a278c84aeb9f6f896ca0
Author: Konstantin Khorenko <khorenko at virtuozzo.com>
Date: Tue Sep 28 19:31:05 2021 +0300
ve/sysctl/ipc: mark as virtualized
These sysctls are already virtualized, thus we can permit writes from a container.
Signed-off-by: Konstantin Khlebnikov <khlebnikov at openvz.org>
+++
VE/SYSCTL: fixup virtualized sysctls
switch sysctls to new api
Signed-off-by: Konstantin Khlebnikov <khlebnikov at openvz.org>
Signed-off-by: Cyrill Gorcunov <gorcunov at openvz.org>
(cherry picked from commit 1b27439f6a3fedd48b5556af6e232d0e05e8f948)
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
Drop making tcp_syncookies immutable as it is per-net now and can be modified.
(cherry picked from vz8 commit 5d12e1371ba7786d50fa0ba4d8f21e0709fe6b31)
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
ipc/ipc_sysctl.c | 34 +++++++++++++++-------------------
kernel/sysctl.c | 10 ++++------
2 files changed, 19 insertions(+), 25 deletions(-)
diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c
index 3f312bf2b116..ef0e5a931ef4 100644
--- a/ipc/ipc_sysctl.c
+++ b/ipc/ipc_sysctl.c
@@ -122,21 +122,21 @@ static struct ctl_table ipc_kern_table[] = {
.procname = "shmmax",
.data = &init_ipc_ns.shm_ctlmax,
.maxlen = sizeof(init_ipc_ns.shm_ctlmax),
- .mode = 0644,
+ .mode = 0644 | S_ISVTX,
.proc_handler = proc_ipc_doulongvec_minmax,
},
{
.procname = "shmall",
.data = &init_ipc_ns.shm_ctlall,
.maxlen = sizeof(init_ipc_ns.shm_ctlall),
- .mode = 0644,
+ .mode = 0644 | S_ISVTX,
.proc_handler = proc_ipc_doulongvec_minmax,
},
{
.procname = "shmmni",
.data = &init_ipc_ns.shm_ctlmni,
.maxlen = sizeof(init_ipc_ns.shm_ctlmni),
- .mode = 0644,
+ .mode = 0644 | S_ISVTX,
.proc_handler = proc_ipc_dointvec_minmax,
.extra1 = SYSCTL_ZERO,
.extra2 = &ipc_mni,
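Review bot: Marking these entries `0644 | S_ISVTX` makes container writes depend entirely on the handlers, because `.data` still points into `init_ipc_ns` (shmmax/shmall/shmmni at the top of this hunk) and nothing in the table says the write is redirected to the writer's ipc namespace. Presumably `proc_ipc_doulongvec_minmax`/`proc_ipc_dointvec_minmax`/`proc_ipc_sem_dointvec` rebase `.data` from `init_ipc_ns` onto the current task's ipc_ns, as upstream's `get_ipc()` does, but that code is not in the patch, so the invariant deserves a comment above the table: `/* S_ISVTX: writable from a container; every handler here must redirect .data from init_ipc_ns to the caller's ipc_ns */`. The same applies to the shm_rmid_forced, msgmax, msgmni, auto_msgmni, msgmnb, sem and {sem,msg,shm}_next_id hunks below; auto_msgmni has `.data = NULL`, so it relies on `proc_ipc_auto_msgmni` supplying its own buffer, which is worth confirming before it is opened to containers. `ipc_kern_table` begins before this hunk.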
@@ -145,7 +145,7 @@ static struct ctl_table ipc_kern_table[] = {
.procname = "shm_rmid_forced",
.data = &init_ipc_ns.shm_rmid_forced,
.maxlen = sizeof(init_ipc_ns.shm_rmid_forced),
- .mode = 0644,
+ .mode = 0644 | S_ISVTX,
.proc_handler = proc_ipc_dointvec_minmax_orphans,
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE,
@@ -154,7 +154,7 @@ static struct ctl_table ipc_kern_table[] = {
.procname = "msgmax",
.data = &init_ipc_ns.msg_ctlmax,
.maxlen = sizeof(init_ipc_ns.msg_ctlmax),
- .mode = 0644,
+ .mode = 0644 | S_ISVTX,
.proc_handler = proc_ipc_dointvec_minmax,
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_INT_MAX,
@@ -163,7 +163,7 @@ static struct ctl_table ipc_kern_table[] = {
.procname = "msgmni",
.data = &init_ipc_ns.msg_ctlmni,
.maxlen = sizeof(init_ipc_ns.msg_ctlmni),
- .mode = 0644,
+ .mode = 0644 | S_ISVTX,
.proc_handler = proc_ipc_dointvec_minmax,
.extra1 = SYSCTL_ZERO,
.extra2 = &ipc_mni,
@@ -172,7 +172,7 @@ static struct ctl_table ipc_kern_table[] = {
.procname = "auto_msgmni",
.data = NULL,
.maxlen = sizeof(int),
- .mode = 0644,
+ .mode = 0644 | S_ISVTX,
.proc_handler = proc_ipc_auto_msgmni,
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE,
@@ -181,7 +181,7 @@ static struct ctl_table ipc_kern_table[] = {
.procname = "msgmnb",
.data = &init_ipc_ns.msg_ctlmnb,
.maxlen = sizeof(init_ipc_ns.msg_ctlmnb),
- .mode = 0644,
+ .mode = 0644 | S_ISVTX,
.proc_handler = proc_ipc_dointvec_minmax,
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_INT_MAX,
@@ -190,7 +190,7 @@ static struct ctl_table ipc_kern_table[] = {
.procname = "sem",
.data = &init_ipc_ns.sem_ctls,
.maxlen = 4*sizeof(int),
- .mode = 0644,
+ .mode = 0644 | S_ISVTX,
.proc_handler = proc_ipc_sem_dointvec,
},
#ifdef CONFIG_CHECKPOINT_RESTORE
@@ -198,7 +198,7 @@ static struct ctl_table ipc_kern_table[] = {
.procname = "sem_next_id",
.data = &init_ipc_ns.ids[IPC_SEM_IDS].next_id,
.maxlen = sizeof(init_ipc_ns.ids[IPC_SEM_IDS].next_id),
- .mode = 0644,
+ .mode = 0644 | S_ISVTX,
.proc_handler = proc_ipc_dointvec_minmax,
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_INT_MAX,
@@ -207,7 +207,7 @@ static struct ctl_table ipc_kern_table[] = {
.procname = "msg_next_id",
.data = &init_ipc_ns.ids[IPC_MSG_IDS].next_id,
.maxlen = sizeof(init_ipc_ns.ids[IPC_MSG_IDS].next_id),
- .mode = 0644,
+ .mode = 0644 | S_ISVTX,
.proc_handler = proc_ipc_dointvec_minmax,
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_INT_MAX,
@@ -216,7 +216,7 @@ static struct ctl_table ipc_kern_table[] = {
.procname = "shm_next_id",
.data = &init_ipc_ns.ids[IPC_SHM_IDS].next_id,
.maxlen = sizeof(init_ipc_ns.ids[IPC_SHM_IDS].next_id),
- .mode = 0644,
+ .mode = 0644 | S_ISVTX,
.proc_handler = proc_ipc_dointvec_minmax,
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_INT_MAX,
@@ -225,18 +225,14 @@ static struct ctl_table ipc_kern_table[] = {
{}
};
-static struct ctl_table ipc_root_table[] = {
- {
- .procname = "kernel",
- .mode = 0555,
- .child = ipc_kern_table,
- },
+static struct ctl_path ipc_path[] = {
+ { .procname = "kernel", },
{}
};
static int __init ipc_sysctl_init(void)
{
- register_sysctl_table(ipc_root_table);
+ register_sysctl_paths(ipc_path, ipc_kern_table);
return 0;
}
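Review bot: The return value of `register_sysctl_paths()` is discarded on the replaced line, so a failed registration (it returns NULL) leaves `ipc_sysctl_init()` reporting success and the kernel/* ipc sysctls silently missing. The old `register_sysctl_table()` call was unchecked in the same way, so this is pre-existing, but the rewrite is the moment to fix it: `return register_sysctl_paths(ipc_path, ipc_kern_table) ? 0 : -ENOMEM;`. The returned header is also not kept, which is acceptable only while this table is never unregistered.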
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 50425f90433d..99dabb3a64e7 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -2165,7 +2165,7 @@ static struct ctl_table kern_table[] = {
.data = &uevent_helper,
.maxlen = UEVENT_HELPER_PATH_LEN,
.mode = 0644 | S_ISVTX,
- .proc_handler = proc_dostring,
+ .proc_handler = proc_dostring_immutable,
},
#endif
#ifdef CONFIG_CHR_DEV_SG
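Review bot: The uevent_helper entry now pairs `.mode = 0644 | S_ISVTX` with `proc_dostring_immutable`, and nothing on the line says what that combination means; a reader of the table will take the sticky bit as "container may write" and the handler name as the opposite. Presumably `proc_dostring_immutable` exposes the value inside a container but refuses writes from it, which is the right choice for uevent_helper since the kernel executes that path as a privileged helper, but the definition is not in the patch, so a one-line comment on the entry would help: `/* visible in a CT (S_ISVTX) but writes are refused: only the host may set the helper path */`. The console_loglevel entry in the printk hunk below uses `proc_dointvec_immutable` the same way and could carry the same wording. `kern_table` begins and ends outside these hunks.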
@@ -2295,7 +2295,7 @@ static struct ctl_table kern_table[] = {
.data = &console_loglevel,
.maxlen = 4*sizeof(int),
.mode = 0644 | S_ISVTX,
- .proc_handler = proc_dointvec,
+ .proc_handler = proc_dointvec_immutable,
},
{
.procname = "printk_ratelimit",
@@ -2510,12 +2510,10 @@ static struct ctl_table kern_table[] = {
#if defined(CONFIG_MMU)
{
.procname = "randomize_va_space",
- .data = &_randomize_va_space,
- .extra1 = (void *)offsetof(struct ve_struct,
- _randomize_va_space),
+ .data = &ve0._randomize_va_space,
.maxlen = sizeof(int),
.mode = 0644 | S_ISVTX,
- .proc_handler = proc_dointvec,
+ .proc_handler = proc_dointvec_virtual,
},
#endif
#if defined(CONFIG_S390) && defined(CONFIG_SMP)
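Review bot: The randomize_va_space entry now points `.data` at `ve0._randomize_va_space` and relies on `proc_dointvec_virtual` to redirect reads and writes to the calling container, replacing the explicit `.extra1` offset the removed lines carried; since the redirection rule is no longer visible in the table, a comment should state it: `/* per-VE: .data names the ve0 field, proc_dointvec_virtual rebases it onto the caller's ve_struct */`. That rebase is the security-relevant part: a container may lower ASLR only for its own processes, never for ve0 or another container, so the handler should be confirmed to redirect (not pass through) writes when the caller's ve is not ve0. `kern_table` begins and ends outside this hunk.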