The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.9.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.8.9
------>
commit ada22ff01dd731869dd3a64d900e30f2be14f902
Author: Kirill Tkhai <ktk...@odin.com>
Date: Tue Oct 20 19:01:57 2015 +0400
ve/proc: Use ve_capable() in oom_score_adj_write()

Privileged processes inside VE should be able to configure /proc/$PID/oom_score_adj. But they can't since we use user_ns, and they do not have CAP_SYS_RESOURCE in init_user_ns.

Use ve_capable() instead.

https://jira.sw.ru/browse/PSBM-40359

Signed-off-by: Kirill Tkhai <ktk...@odin.com>
Reviewed-by: Vladimir Davydov <vdavy...@virtuozzo.com>
--- fs/proc/base.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index b5f3a70..b597b01 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -1109,7 +1109,7 @@ static ssize_t oom_score_adj_write(struct file *file, const char __user *buf, } if ((short)oom_score_adj < task->signal->oom_score_adj_min && - !capable(CAP_SYS_RESOURCE)) { + !ve_capable(CAP_SYS_RESOURCE)) { err = -EACCES; goto err_sighand; }
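Review bot: the relaxed check at `!ve_capable(CAP_SYS_RESOURCE)` in oom_score_adj_write() is the only gate on writing a value below `task->signal->oom_score_adj_min`, and nothing in this hunk or in the commit message says what confines `task` to the caller's own VE. With `capable()` the privilege was tied to init_user_ns, so the question did not arise. Now a process that is privileged only inside its container passes the check, so the safety of the change rests on a guarantee made elsewhere that the target task is in the same VE as the writer. Please name that guarantee in the commit message or in a short comment above the condition, so a later change to /proc task visibility does not silently widen who can lower another task's OOM floor. It would also help to state in the message which user namespace `ve_capable()` evaluates the capability against, since the description only says which one it no longer uses.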