[Devel] [PATCH RHEL COMMIT] ve/sysctl/pidns: allow to change sysctl "ns_last_pid" from containers
Konstantin Khorenko
khorenko at virtuozzo.com
Tue Sep 28 19:31:06 MSK 2021
The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after ark-5.14
------>
commit dbdf9baf6b79c5c7277951ebbab13ea7be040fa7
Author: Andrew Vagin <avagin at openvz.org>
Date: Tue Sep 28 19:31:06 2021 +0300
ve/sysctl/pidns: allow to change sysctl "ns_last_pid" from containers
ns_last_pid belongs to pidns, so it's safe.
Signed-off-by: Andrew Vagin <avagin at openvz.org>
(cherry picked from commit 7a98fd7389e05adeed6b1dba2766066b06db8992)
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
(cherry picked from vz8 commit 290b207fd39e94781e99dd3f8d2fbe35e64be81f)
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
kernel/pid_namespace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
index c4a02327e955..5c6555bbb300 100644
--- a/kernel/pid_namespace.c
+++ b/kernel/pid_namespace.c
@@ -293,7 +293,7 @@ static struct ctl_table pid_ns_ctl_table[] = {
{
.procname = "ns_last_pid",
.maxlen = sizeof(int),
- .mode = 0666, /* permissions are checked in the handler */
+ .mode = 0666 | S_ISVTX, /* permissions are checked in the handler */
.proc_handler = pid_ns_ctl_handler,
.extra1 = SYSCTL_ZERO,
.extra2 = &pid_max,
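Review bot: The trailing comment on the changed .mode line still says only "permissions are checked in the handler", so nothing at the site explains why S_ISVTX is OR-ed into a sysctl mode. Going by the commit subject, the bit is what lets ns_last_pid be changed from containers rather than acting as a real sticky bit; say so in the comment, for example "/* S_ISVTX: writable from containers; permissions are checked in the handler */". The commit message's "so it's safe" also rests on what pid_ns_ctl_handler checks, which this hunk does not show, so the message should name that check next to the SYSCTL_ZERO and pid_max bounds that are visible here.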