Allow user to set security xattr (XATTR_SECURITY_PREFIX) from the inside of ve on external mounts (for example, root).
https://jira.sw.ru/browse/PSBM-122071 Signed-off-by: Andrey Zhadchenko <andrey.zhadche...@virtuozzo.com> --- security/commoncap.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/security/commoncap.c b/security/commoncap.c index 6ce7b51..30795d8 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -912,7 +912,10 @@ int cap_inode_setxattr(struct dentry *dentry, const char *name, return 0; if (!ns_capable(user_ns, CAP_SYS_ADMIN)) - return -EPERM; +#ifdef CONFIG_VE + if (!ve_capable(CAP_SYS_ADMIN)) +#endif + return -EPERM; return 0; } @@ -947,7 +950,10 @@ int cap_inode_removexattr(struct dentry *dentry, const char *name) } if (!ns_capable(user_ns, CAP_SYS_ADMIN)) - return -EPERM; +#ifdef CONFIG_VE + if (!ve_capable(CAP_SYS_ADMIN)) +#endif + return -EPERM; return 0; } -- 1.8.3.1 _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel
