[Devel] [PATCH RHEL9 COMMIT] ve/time/ntp: allow CT ntp adjustment time tuning under VE_FEATURE_TIME feature

Wed, 20 Oct 2021 05:42:10 -0700 

The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at 
https://src.openvz.org/scm/ovz/vzkernel.git
after rh9-5.14.0-4.vz9.10.12
------>
commit 7313142ce3326582174261624cc2e381d8fd6729
Author: Konstantin Khorenko <khore...@virtuozzo.com>
Date:   Wed Oct 20 11:40:48 2021 +0300

    ve/time/ntp: allow CT ntp adjustment time tuning under VE_FEATURE_TIME 
feature
    
    ntp service uses clock adjustment algorithm (sys_adjtimex()),
    so allow it in a Container with VE_FEATURE_TIME feature assigned.
    
    https://jira.sw.ru/browse/PSBM-94635
    Signed-off-by: Konstantin Khorenko <khore...@virtuozzo.com>
    
    https://jira.sw.ru/browse/PSBM-127846
    (cherry-picked from vz7 commit dee0301a8848 ("ve/time/ntp: allow CT ntp
    adjustment time tuning under VE_FEATURE_TIME feature"))
    Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>
    
    (cherry picked from vz8 commit d0bba429c03cf20e4e344b12b8dd1c8d298b4575)
    Signed-off-by: Andrey Zhadchenko <andrey.zhadche...@virtuozzo.com>
---
 kernel/time/timekeeping.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
index e5c4800447d7..b7235ac3b95e 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -23,6 +23,8 @@
 #include <linux/compiler.h>
 #include <linux/audit.h>
 
+#include <uapi/linux/vzcalluser.h>
+
 #include "tick-internal.h"
 #include "ntp_internal.h"
 #include "timekeeping_internal.h"
@@ -2324,11 +2326,12 @@ static int timekeeping_validate_timex(const struct 
__kernel_timex *txc)
                if (!(txc->modes & ADJ_OFFSET_SINGLESHOT))
                        return -EINVAL;
                if (!(txc->modes & ADJ_OFFSET_READONLY) &&
-                   !capable(CAP_SYS_TIME))
+                   !feature_capable(VE_FEATURE_TIME, CAP_SYS_TIME))
                        return -EPERM;
        } else {
                /* In order to modify anything, you gotta be super-user! */
-               if (txc->modes && !capable(CAP_SYS_TIME))
+               if (txc->modes &&
+                   !feature_capable(VE_FEATURE_TIME, CAP_SYS_TIME))
                        return -EPERM;
                /*
                 * if the quartz is off by more than 10% then
@@ -2342,7 +2345,7 @@ static int timekeeping_validate_timex(const struct 
__kernel_timex *txc)
 
        if (txc->modes & ADJ_SETOFFSET) {
                /* In order to inject time, you gotta be super-user! */
-               if (!capable(CAP_SYS_TIME))
+               if (!feature_capable(VE_FEATURE_TIME, CAP_SYS_TIME))
                        return -EPERM;
 
                /*
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

Reply via email to