
List:       openvz-devel
Subject:    [Devel] [PATCH vz8] cgroup: Allow mounting cgroups in containers.
From:       Andrey Ryabinin <aryabinin () virtuozzo ! com>
Date:       2019-10-28 13:52:32
Message-ID: 20191028135232.24888-1-aryabinin () virtuozzo ! com

With the addition of cgroup namespaces, our old scheme of bind-mounting
cgroups in a container doesn't work anymore. In fact we don't need
it, because we have cgroup namespaces. But our ve-specific permission
check in cgroup_mount() breaks cgroup namespacing.

Just remove it, we have proper permission checks based on namespaces
and don't need this ve-crud anymore.

Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
---
 kernel/cgroup/cgroup.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 223ac0e46969..7376dd53cb84 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -2121,12 +2121,6 @@ static struct dentry *cgroup_mount(struct file_system_type *fs_type,
 	struct dentry *dentry;
 	int ret;
 
-#ifdef CONFIG_VE
-	if (!ve_is_super(get_exec_env()) && !(flags & MS_KERNMOUNT)) {
-		if (!get_exec_env()->is_pseudosuper)
-			return ERR_PTR(-EACCES);
-	}
-#endif
 	get_cgroup_ns(ns);
 
 	/* Check if the caller has permission to mount. */
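
Review bot: The removed CONFIG_VE block at the top of cgroup_mount() was the only ve-aware gate visible in this hunk, and the commit message does not name the namespace-based check that is meant to replace it. After this change a caller in a non-super ve without is_pseudosuper, which previously got -EACCES for any mount lacking MS_KERNMOUNT, proceeds to get_cgroup_ns(ns) and relies entirely on the test under the "Check if the caller has permission to mount" comment, whose body lies outside the visible context. Suggest stating in the commit message which check that is and what it requires of the caller, so the resulting privilege boundary for mounts from inside a container is explicit. It would also help to say whether is_pseudosuper still has other users or can be dropped in a follow-up.
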
-- 
2.23.0

_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel