We start ve by writing "START" to ve.state when we are already in container cgroup namespace and files in root directories of cgroup namespace are inaccessible by default.
Writing ve.os_release is only allowed when ve is lined to its UTS namespace, so it happens after "START" So both for ve.state and ve.os_release we have to allow writing in cgroup namespace. After pseudosuper is dropped those files will become non-writable again. https://virtuozzo.atlassian.net/browse/VSTOR-119804 Signed-off-by: Pavel Tikhomirov <[email protected]> Feature: ve: ve generic structures --- kernel/ve/ve.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c index 84e23b7e61ee..5d28d78a74da 100644 --- a/kernel/ve/ve.c +++ b/kernel/ve/ve.c @@ -1808,7 +1808,7 @@ static struct cftype ve_cftypes[] = { { .name = "state", - .flags = CFTYPE_NOT_ON_ROOT, + .flags = CFTYPE_NOT_ON_ROOT | CFTYPE_NS_DELEGATABLE, .seq_show = ve_state_show, .write = ve_state_write, }, @@ -1871,7 +1871,7 @@ static struct cftype ve_cftypes[] = { { .name = "os_release", .max_write_len = __NEW_UTS_LEN + 1, - .flags = CFTYPE_NOT_ON_ROOT, + .flags = CFTYPE_NOT_ON_ROOT | CFTYPE_NS_DELEGATABLE, .seq_show = ve_os_release_read, .write = ve_os_release_write, }, -- 2.52.0 _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
