[Devel] [PATCH VZ10 v2 03/12] ve/cgroup-v2: Allow writing to some files in the root of cgroup namespace

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Wed Dec 10 13:34:24 MSK 2025


We start ve by writing "START" to ve.state when we are already in
container cgroup namespace and files in root directories of cgroup
namespace are inaccessible by default.

Writing ve.os_release is only allowed when ve is linked to its UTS
namespace, so it happens after "START".

So both for ve.state and ve.os_release we have to allow writing in
cgroup namespace.

After pseudosuper is dropped those files will become non-writable again.

https://virtuozzo.atlassian.net/browse/VSTOR-119804
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>

Feature: ve: ve generic structures
---
 kernel/ve/ve.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index 84e23b7e61ee..5d28d78a74da 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -1808,7 +1808,7 @@ static struct cftype ve_cftypes[] = {
 
 	{
 		.name			= "state",
-		.flags			= CFTYPE_NOT_ON_ROOT,
+		.flags			= CFTYPE_NOT_ON_ROOT | CFTYPE_NS_DELEGATABLE,
 		.seq_show		= ve_state_show,
 		.write			= ve_state_write,
 	},
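
Review bot: On the `.flags` line for "state", `CFTYPE_NS_DELEGATABLE` makes the file writable at the cgroup namespace root, and nothing in this hunk shows what restricts that to the "START" write made from a pseudosuper context. The commit message relies on the file becoming non-writable again once pseudosuper is dropped; please point to the check that enforces this (or add it in `ve_state_write`), and add a short comment beside the flag explaining why delegation is needed, so the flag is not later read as a general permission for in-container writes to ve.state.
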
@@ -1871,7 +1871,7 @@ static struct cftype ve_cftypes[] = {
 	{
 		.name			= "os_release",
 		.max_write_len		= __NEW_UTS_LEN + 1,
-		.flags			= CFTYPE_NOT_ON_ROOT,
+		.flags			= CFTYPE_NOT_ON_ROOT | CFTYPE_NS_DELEGATABLE,
 		.seq_show		= ve_os_release_read,
 		.write			= ve_os_release_write,
 	},
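
Review bot: The same flag on "os_release" opens a second write path at the namespace root, and the ordering constraint from the commit message (writing is only allowed once the ve is linked to its UTS namespace, so after "START") is not visible in this hunk. Please confirm that `ve_os_release_write` itself rejects writes outside that window and after pseudosuper is dropped, rather than depending on file accessibility alone. A test that writes ve.os_release from inside the cgroup namespace before "START" and again after pseudosuper is dropped, expecting failure both times, would document the intended behaviour.
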
-- 
2.52.0


