[Devel] [PATCH RH10] ve/cgroup: Allow attaching to VE root cgroup from VE via cgroup-v2

[Pavel Tikhomirov]

Before that fix, when we first entered ve cgroup and then tried to
attach to unified cgroup, we saw vzctl exec/stop produce error:

Error writing to /sys/fs/cgroup/machine.slice/<ve>/cgroup.procs data='<pid>': Operation not permitted

as we were already in ve and ve-restriction to attach to root ve unified
cgroup applied, we should just remove this restriction..

We only had it enabled for corresponding cgroup-v1 files, now let's also
enable for cgroup-v2 files too.

Fixes: ad418fb3f8775 ("ve/cgroup: Allow to write to several safe cgroup files from CT")
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>

Feature: cgroup: whitelist of writeable files in CT
---
 kernel/cgroup/cgroup.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 067d7eb0f655e..9d75e0a7b675c 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -5631,7 +5631,7 @@ static struct cftype cgroup_base_files[] = {
 	},
 	{
 		.name = "cgroup.procs",
-		.flags = CFTYPE_NS_DELEGATABLE,
+		.flags = CFTYPE_NS_DELEGATABLE | CFTYPE_VE_WRITABLE,
 		.file_offset = offsetof(struct cgroup, procs_file),
 		.release = cgroup_procs_release,
 		.seq_start = cgroup_procs_start,
@@ -5641,7 +5641,7 @@ static struct cftype cgroup_base_files[] = {
 	},
 	{
 		.name = "cgroup.threads",
-		.flags = CFTYPE_NS_DELEGATABLE,
+		.flags = CFTYPE_NS_DELEGATABLE | CFTYPE_VE_WRITABLE,
 		.release = cgroup_procs_release,
 		.seq_start = cgroup_threads_start,
 		.seq_next = cgroup_procs_next,
-- 
2.51.0