On Fri, Aug 28, 2015 at 05:20:01PM +0400, Andrew Vagin wrote:

> +bool ve_capable(int cap)
> +{
> +     return ns_capable(get_exec_env()->init_cred->user_ns, cap);
> +}
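
Review bot: The return statement dereferences `get_exec_env()->init_cred->user_ns` with no NULL check on `init_cred`, so the helper is only safe for callers that run after that pointer has been set. Either guard the dereference before calling `ns_capable()`, or add a comment above `ve_capable()` stating that precondition and which user namespace the capability is checked against.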

init_cred is set in ve_grab_context, which means that if a task
occasionally uses ve_capable() before writing START to ve.state, the
kernel will panic. Please add a sanity check, which will make
ve_capable() fall back on capable() if init_cred is not available.
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
