The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.9.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git after rebase ------> commit dab4ee299737a29e2db6a9e25df6db3fb59ce0b3 Author: Cyrill Gorcunov <gorcu...@odin.com> Date: Wed Dec 2 19:15:38 2015 +0400
ve/fanotify: Use ve-capable instead of plain capable test To create fanotify objects one have to be sysadmin of a container. The main potential problem is unlimited number of marks and queue, but since it uses kmem cgroup to obtain objects this should be controllable via memory cgroup settings. https://jira.sw.ru/browse/PSBM-41409 Signed-off-by: Cyrill Gorcunov <gorcu...@virtuozzo.com> Reviewed-by: Vladimir Davydov <vdavy...@virtuozzo.com> khorenko@: note: up to now we don't know apps which use fanotifies in real life, only a specific CRIU unit test. --- fs/notify/fanotify/fanotify_user.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c index f1680cd..9ac303f 100644 --- a/fs/notify/fanotify/fanotify_user.c +++ b/fs/notify/fanotify/fanotify_user.c @@ -678,7 +678,7 @@ SYSCALL_DEFINE2(fanotify_init, unsigned int, flags, unsigned int, event_f_flags) pr_debug("%s: flags=%d event_f_flags=%d\n", __func__, flags, event_f_flags); - if (!capable(CAP_SYS_ADMIN)) + if (!ve_capable(CAP_SYS_ADMIN)) return -EPERM; if (flags & ~FAN_ALL_INIT_FLAGS) @@ -730,7 +730,7 @@ SYSCALL_DEFINE2(fanotify_init, unsigned int, flags, unsigned int, event_f_flags) if (flags & FAN_UNLIMITED_QUEUE) { fd = -EPERM; - if (!capable(CAP_SYS_ADMIN)) + if (!ve_capable(CAP_SYS_ADMIN)) goto out_destroy_group; group->max_events = UINT_MAX; } else { @@ -739,7 +739,7 @@ SYSCALL_DEFINE2(fanotify_init, unsigned int, flags, unsigned int, event_f_flags) if (flags & FAN_UNLIMITED_MARKS) { fd = -EPERM; - if (!capable(CAP_SYS_ADMIN)) + if (!ve_capable(CAP_SYS_ADMIN)) goto out_destroy_group; group->fanotify_data.max_marks = UINT_MAX; } else { _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel
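Review bot: The relaxed entry check in fanotify_init (first hunk, `if (!ve_capable(CAP_SYS_ADMIN))`) opens every group class to a container administrator, including the permission classes `FAN_CLASS_CONTENT` and `FAN_CLASS_PRE_CONTENT` that pass the `FAN_ALL_INIT_FLAGS` test right below it, while the commit message only weighs memory use. Listeners of those classes decide whether a file access proceeds, and each event hands the listener an open descriptor for the accessed object, so the isolation argument presumably rests on what fanotify_mark() lets a container mark, which this diff does not show. I would state that reasoning in a comment above the check, or keep the permission classes host-only with `if ((flags & FAN_ALL_CLASS_BITS) != FAN_CLASS_NOTIF && !capable(CAP_SYS_ADMIN)) return -EPERM;`. The function body starts and ends outside the hunk.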
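Review bot: The inner checks under `FAN_UNLIMITED_QUEUE` (second hunk) and `FAN_UNLIMITED_MARKS` (third hunk) now test the same predicate that the entry of fanotify_init has already required, so they presumably can never fail and any container administrator may raise `max_events` and `max_marks` to `UINT_MAX`. If the intent is to rely on kmem cgroup accounting, as the description says, say so at both sites, e.g. `/* unlimited is bounded by the container's kmem cgroup, see PSBM-41409 */`, because nothing in these hunks shows that the event and mark objects are charged. Otherwise keep `if (!capable(CAP_SYS_ADMIN))` in these two branches so that only the host can lift the default limits. Both branches sit inside fanotify_init, whose body extends beyond the hunks.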