[Devel] [PATCH RHEL10 COMMIT] ve/cgroup-v2: Allow writing to some files in the root of cgroup namespace

Konstantin Khorenko khorenko at virtuozzo.com
Sat Dec 13 23:29:56 MSK 2025


The commit is pushed to "branch-rh10-6.12.0-55.13.1.3.x.vz10-ovz" and will appear at git at bitbucket.org:openvz/vzkernel.git
after rh10-6.12.0-55.13.1.2.24.vz10
------>
commit 7ad91781e59943014497c26dd29cb80b40d08ddf
Author: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Date:   Wed Dec 10 18:34:24 2025 +0800

    ve/cgroup-v2: Allow writing to some files in the root of cgroup namespace
    
    We start ve by writing "START" to ve.state when we are already in
    container cgroup namespace and files in root directories of cgroup
    namespace are inaccessible by default.
    
    Writing ve.os_release is only allowed when ve is linked to its UTS
    namespace, so it happens after "START".
    
    So both for ve.state and ve.os_release we have to allow writing in
    cgroup namespace.
    
    After pseudosuper is dropped those files will become non-writable again.
    
    https://virtuozzo.atlassian.net/browse/VSTOR-119804
    Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
    
    Feature: ve: ve generic structures
---
 kernel/ve/ve.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index 84e23b7e61ee9..5d28d78a74da4 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -1808,7 +1808,7 @@ static struct cftype ve_cftypes[] = {
 
 	{
 		.name			= "state",
-		.flags			= CFTYPE_NOT_ON_ROOT,
+		.flags			= CFTYPE_NOT_ON_ROOT | CFTYPE_NS_DELEGATABLE,
 		.seq_show		= ve_state_show,
 		.write			= ve_state_write,
 	},
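Review bot: On the "state" entry, nothing near the new CFTYPE_NS_DELEGATABLE flag documents what stops writes once the container is running. The flag exempts the file from the cgroup core's rule that blocks writes to files in a namespace root from inside that namespace, so after this change the only remaining gate is whatever ve_state_write() checks itself. The commit message says the file becomes non-writable again after pseudosuper is dropped, but that enforcement is not visible in this hunk. Please add a short comment above the entry naming the check in ve_state_write() that the change relies on, and confirm that the handler rejects writes from a task inside the container that has no pseudosuper.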
@@ -1871,7 +1871,7 @@ static struct cftype ve_cftypes[] = {
 	{
 		.name			= "os_release",
 		.max_write_len		= __NEW_UTS_LEN + 1,
-		.flags			= CFTYPE_NOT_ON_ROOT,
+		.flags			= CFTYPE_NOT_ON_ROOT | CFTYPE_NS_DELEGATABLE,
 		.seq_show		= ve_os_release_read,
 		.write			= ve_os_release_write,
 	},
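Review bot: On the "os_release" entry, the ordering constraint from the commit message (the write is only allowed once the ve is linked to its UTS namespace, so it happens after "START") is not recorded next to the flag. With CFTYPE_NS_DELEGATABLE set, the cgroup namespace boundary no longer blocks a write to this file from inside the container, and the value written is the release string the container reports. Please add a comment stating that ve_os_release_write() must refuse the write unless the caller still holds pseudosuper, and check that the handler does so, since this hunk shows only the flag change and .max_write_len as a limit on the input.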

