[Devel] [PATCH] fs/locks: Make CAP_LEASE work in containers

Evgenii Shatokhin Mon, 25 Apr 2016 08:25:44 -0700

https://jira.sw.ru/browse/PSBM-46199


Allowing the privileged processes in the containers to set leases on
arbitrary files seems to make no harm. Let us make CAP_LEASE work there.

Signed-off-by: Evgenii Shatokhin <eshatok...@virtuozzo.com>
---
 fs/locks.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/locks.c b/fs/locks.c
index 93c097b..82e9bc3 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -1693,7 +1693,7 @@ int generic_setlease(struct file *filp, long arg, struct 
file_lock **flp,
        struct inode *inode = dentry->d_inode;
        int error;
 
-       if ((!uid_eq(current_fsuid(), inode->i_uid)) && !capable(CAP_LEASE))
+       if ((!uid_eq(current_fsuid(), inode->i_uid)) && !ve_capable(CAP_LEASE))
                return -EACCES;
        if (!S_ISREG(inode->i_mode))
                return -EINVAL;
-- 
2.6.3

_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

[Devel] [PATCH] fs/locks: Make CAP_LEASE work in containers

Reply via email to