[Devel] [PATCH RHEL10 COMMIT] fixup! ve/cgroup: hide non-virtualized cgroups in container

Konstantin Khorenko khorenko at virtuozzo.com
Fri Jun 5 21:32:14 MSK 2026


The commit is pushed to "branch-rh10-6.12.0-55.52.1.5.x.vz10-ovz" and will appear at git at bitbucket.org:openvz/vzkernel.git
after rh10-6.12.0-55.52.1.5.29.vz10
------>
commit d9feccda8086e15ab3c2599b55d7edfdf2b7109a
Author: Vladimir Riabchun <vladimir.riabchun at virtuozzo.com>
Date:   Tue Jun 2 21:10:41 2026 +0000

    fixup! ve/cgroup: hide non-virtualized cgroups in container
    
    ve_hide_cgroups is defined only with CONFIG_VE.
    
    https://virtuozzo.atlassian.net/browse/VSTOR-130116
    
    Feature: !CONFIG_VE build
    Signed-off-by: Vladimir Riabchun <vladimir.riabchun at virtuozzo.com>
    Reviewed-by: Vasileios Almpanis <vasileios.almpanis at virtuozzo.com>
---
 kernel/cgroup/cgroup-v1.c | 2 ++
 kernel/cgroup/cgroup.c    | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c
index dfa9b0c830824..79f1130a6591d 100644
--- a/kernel/cgroup/cgroup-v1.c
+++ b/kernel/cgroup/cgroup-v1.c
@@ -1373,8 +1373,10 @@ int cgroup1_get_tree(struct fs_context *fc)
 
 	cgroup_unlock();
 
+#ifdef CONFIG_VE
 	if (!ret && ve_hide_cgroups(ctx->root))
 		ret = -EPERM;
+#endif
 
 	if (!ret)
 		ret = cgroup_do_get_tree(fc);
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index e32589e2f305e..02fd4513dcbdc 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -2648,8 +2648,10 @@ static int cgroup_get_tree(struct fs_context *fc)
 	struct cgroup_fs_context *ctx = cgroup_fc2context(fc);
 	int ret;
 
+#ifdef CONFIG_VE
 	if (ve_hide_cgroups(&cgrp_dfl_root))
 		return -EPERM;
+#endif
 
 	WRITE_ONCE(cgrp_dfl_visible, true);
 	cgroup_get_live(&cgrp_dfl_root.cgrp);


More information about the Devel mailing list