Priviliged processes inside VE should be able to configure /proc/$PID/oom_score_adj. But they can't since we use user_ns, and they do not have CAP_SYS_RESOURCE in init_user_ns.
Use ve_capable() instead. https://jira.sw.ru/browse/PSBM-40359 Signed-off-by: Kirill Tkhai <ktk...@odin.com> --- fs/proc/base.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index b574498..57df314 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -1109,7 +1109,7 @@ static ssize_t oom_score_adj_write(struct file *file, const char __user *buf, } if ((short)oom_score_adj < task->signal->oom_score_adj_min && - !capable(CAP_SYS_RESOURCE)) { + !ve_capable(CAP_SYS_RESOURCE)) { err = -EACCES; goto err_sighand; } _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel
