[Devel] [PATCH VZ10 v4 23/44] fixup! ve/cgroup: hide non-virtualized cgroups in container
Vladimir Riabchun
vladimir.riabchun at virtuozzo.com
Wed Jun 3 00:10:41 MSK 2026
ve_hide_cgroups is defined only with CONFIG_VE.
https://virtuozzo.atlassian.net/browse/VSTOR-130116
Feature: !CONFIG_VE build
Signed-off-by: Vladimir Riabchun <vladimir.riabchun at virtuozzo.com>
---
kernel/cgroup/cgroup-v1.c | 2 ++
kernel/cgroup/cgroup.c | 2 ++
2 files changed, 4 insertions(+)
diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c
index dfa9b0c83082..79f1130a6591 100644
--- a/kernel/cgroup/cgroup-v1.c
+++ b/kernel/cgroup/cgroup-v1.c
@@ -1373,8 +1373,10 @@ int cgroup1_get_tree(struct fs_context *fc)
cgroup_unlock();
+#ifdef CONFIG_VE
if (!ret && ve_hide_cgroups(ctx->root))
ret = -EPERM;
+#endif
if (!ret)
ret = cgroup_do_get_tree(fc);
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index e32589e2f305..02fd4513dcbd 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -2648,8 +2648,10 @@ static int cgroup_get_tree(struct fs_context *fc)
struct cgroup_fs_context *ctx = cgroup_fc2context(fc);
int ret;
+#ifdef CONFIG_VE
if (ve_hide_cgroups(&cgrp_dfl_root))
return -EPERM;
+#endif
WRITE_ONCE(cgrp_dfl_visible, true);
cgroup_get_live(&cgrp_dfl_root.cgrp);
--
2.47.1
More information about the Devel
mailing list