The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.9.x-ovz" and will appear
at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.9.3
------>
commit efa550dba8d848ec63030da21030616b4e001072
Author: Stanislav Kinsburskiy <skinsbur...@virtuozzo.com>
Date: Wed Oct 28 18:19:58 2015 +0400
ve/fs/namei: check containers capabilities in may_linkat()
This fixes -EPERM result for link creation by root in container.
https://jira.sw.ru/browse/PSBM-40567
Signed-off-by: Stanislav Kinsburskiy <skinsbur...@virtuozzo.com>
---
fs/namei.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index e7d9f54..d3430ee 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -869,7 +869,7 @@ static int may_linkat(struct path *link)
* otherwise, it must be a safe source.
*/
if (uid_eq(cred->fsuid, inode->i_uid) || safe_hardlink_source(inode) ||
- capable(CAP_FOWNER))
+ ve_capable(CAP_FOWNER))
return 0;
audit_log_link_denied("linkat", link);
@@ -3955,7 +3955,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *,
oldname,
* handlink using the passed filedescriptor.
*/
if (flags & AT_EMPTY_PATH) {
- if (!capable(CAP_DAC_READ_SEARCH))
+ if (!ve_capable(CAP_DAC_READ_SEARCH))
return -ENOENT;
how = LOOKUP_EMPTY;
}
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
