List: openvz-devel
Subject: [Devel] [PATCH RH7 1/3] vfs: allow mount/umount, pivot_root with CAP_VE_SYS_ADMIN
From: ptikhomirov () virtuozzo ! com (Pavel Tikhomirov)
Date: 2015-06-30 12:17:52
Message-ID: 1435666674-10381-2-git-send-email-ptikhomirov () virtuozzo ! com
Need this for Docker, as Docker tries to mount:
mount("","/","", MS_PRIVATE | MS_REC, "")
and as we will not allow CAP_SYS_ADMIN in the container.
* After switching to user namespaces we won't need this patch.
https://jira.sw.ru/browse/PSBM-34523
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
fs/namespace.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index b9dfd0c..a73464f 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1306,7 +1306,9 @@ static int do_umount(struct mount *mnt, int flags)
*/
static inline bool may_mount(void)
{
- return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN) || nsown_capable(CAP_SYS_ADMIN);
+ return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN) ||
+ nsown_capable(CAP_SYS_ADMIN) ||
+ nsown_capable(CAP_VE_SYS_ADMIN);
}
/*
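Review bot: The added `nsown_capable(CAP_VE_SYS_ADMIN)` term in may_mount() widens the check for every caller of this helper, while the commit message motivates it only with Docker's `mount("","/","", MS_PRIVATE | MS_REC, "")` call. The subject line says umount and pivot_root are opened up as well, so the changelog should state that this breadth is intended and why it is acceptable for a container task that holds CAP_VE_SYS_ADMIN but not CAP_SYS_ADMIN. If only the propagation change is needed, consider testing the new capability on that path alone instead of in the shared helper. The comment block above may_mount() is left untouched by this hunk. A line there saying the CAP_VE_SYS_ADMIN term is temporary until the switch to user namespaces would keep that fact in the source rather than only in the commit message.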
--
1.9.3