The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.8.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git after rh7-3.10.0-229.7.2.vz7.6.8 ------> commit 68cf9d3cff9993ae2793c53661721b89d1b2895b Author: Andrew Vagin <ava...@openvz.org> Date: Tue Sep 8 12:47:01 2015 +0400
ve: revise permissions to allow mount smth reverts commit d492bfa387237 ("ve/vfs: allow mount/umount, pivot_root with CAP_VE_SYS_ADMIN") Return back to the behavior of the upstream kernel. Currently we use mount namespaces and need nothing special here. https://jira.sw.ru/browse/PSBM-39077 Signed-off-by: Andrew Vagin <ava...@virtuozzo.com> Reviewed-by: Vladimir Davydov <vdavy...@virtuozzo.com> --- fs/namespace.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/fs/namespace.c b/fs/namespace.c index 593b262..77a1ede 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1306,9 +1306,7 @@ static int do_umount(struct mount *mnt, int flags) */ static inline bool may_mount(void) { - return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN) || - nsown_capable(CAP_SYS_ADMIN) || - nsown_capable(CAP_VE_SYS_ADMIN); + return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN); } /* _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel