Changelog:
OpenVZ kernel rh7-3.10.0-229.7.2.vz7.8.4
* NBD module is enabled in kernel config
* AUDIT is enabled in kernel config and now works on the host
* allow mount ext4 and binfmt_misc inside a CT
* CT should be able to create devices
* always show steal time == 0 inside a CT
* fix divi
Acked-by: Pavel Tikhomirov
On 10/07/2015 10:59 AM, Andrew Vagin wrote:
Reported-by: Pavel Tikhomirov
Signed-off-by: Andrew Vagin
---
fs/namespace.c |8 +++-
scripts/basic/fixdep | Bin 13875 -> 14262 bytes
2 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/fs/na
The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.8.x-ovz" and will appear
at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.8.3
-->
commit d693573172a1ce54f7eb7773967cb7eae30d41c2
Author: Maxim Patlasov
Date: Wed Oct 7 15:27:55 2015 +0400
ms/mm/page-writ
The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.8.x-ovz" and will appear
at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.8.3
-->
commit 744efff9ff308203a9fca42da982edcbb04bcb49
Author: Kirill Tkhai
Date: Wed Oct 7 15:22:33 2015 +0400
ve/sched: Hide st
The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.8.x-ovz" and will appear
at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.8.3
-->
commit 9791eb158101e3cb174fbd5f4cac5d275a3833b6
Author: Andrew Vagin
Date: Wed Oct 7 15:05:40 2015 +0400
ve/fs: don't add
The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.8.x-ovz" and will appear
at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.8.3
-->
commit 96bfd9a8802f1533094f5ec3ec8b4a35316b
Author: Kirill Tkhai
Date: Wed Oct 7 14:54:24 2015 +0400
ve/devmptfs: Use
The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.8.x-ovz" and will appear
at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.8.3
-->
commit 47bd23dcf7807cc7f2f1300bf039c495f795437c
Author: Kirill Tkhai
Date: Wed Oct 7 14:47:07 2015 +0400
ve/fs: Allow to m
The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.8.x-ovz" and will appear
at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.8.3
-->
commit ad166c6dbc2b669ad1fe11e30316c05daf134d0c
Author: Kirill Tkhai
Date: Wed Oct 7 14:47:00 2015 +0400
ve: Implement cur
On 06.10.2015 23:30, Vladimir Davydov wrote:
> On Tue, Oct 06, 2015 at 12:35:51PM +0300, Kirill Tkhai wrote:
> ...
>> @@ -735,6 +735,8 @@ static int bm_fill_super(struct super_block * sb, void *
>> data, int silent)
>> static struct dentry *bm_mount(struct file_system_type *fs_type,
>> int
Use the helper instead of hardcoded check.
Suggested-by: Vladimir Davydov
Signed-off-by: Kirill Tkhai
---
drivers/base/devtmpfs.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c
index 9f3809c..92840a0 100644
--- a/drivers/
First we need to fake allowing all devices for docker 1.7+ for
privileged docker
Second we need to ignore wrong caps in container as in CT we do not
allow: CAP_SYS_MODULE, CAP_SYS_RAWIO, CAP_SYS_PACCT, CAP_SYS_TIME
Pavel Tikhomirov (2):
device_cgroup: fake allowing all devices for docker insid
This reverts commit 750558eb81ef22527ee1d5fc5b5081410cffda29.
Signed-off-by: Pavel Tikhomirov
---
security/commoncap.c | 37 ++---
1 file changed, 30 insertions(+), 7 deletions(-)
diff --git a/security/commoncap.c b/security/commoncap.c
index 3a7003d..9d0a2b6 100
Docker from 1.7.0 tries to add "a" to devices.allow for newly created
privileged container device_cgroup, and thus to allow all devices in
docker container. Docker fails to do so because not all devices are
allowed in parent VZCT cgroup.
To support docker we must allow writing "a" to devices.allow
Reported-by: Pavel Tikhomirov
Signed-off-by: Andrew Vagin
---
fs/namespace.c |8 +++-
scripts/basic/fixdep | Bin 13875 -> 14262 bytes
2 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 77a1ede..1377488 100644
--- a/fs/namespace.c
14 matches
Mail list logo
