This security check in oom_score_adj_write was misplaced during the rebase to RH7. Originally it was targeted at oom_adj_write. However, instead of moving it to oom_adj_write I completely remove it, because there is absolutely no reason to forbid setting oom_adj while allowing oom_score_adj to be tweaked, because the former is just a legacy API for the latter.
Anyway, with the previous patch applied it is safe to allow a container to set oom_score_adj/oom_adj, because their values are only relevant to local OOM, while on system-wide OOM they are simply ignored. Signed-off-by: Vladimir Davydov <vdavy...@parallels.com> --- fs/proc/base.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 3f2b4d96fd25..25dc5279880c 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -1093,8 +1093,6 @@ static ssize_t oom_score_adj_write(struct file *file, const char __user *buf, err = -EINVAL; goto out; } - if (!ve_is_super(get_exec_env())) - goto out; task = get_proc_task(file_inode(file)); if (!task) { -- 2.1.4 _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel
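Review bot: The removal of the ve_is_super(get_exec_env()) check in the @@ -1093,8 +1093,6 @@ hunk of oom_score_adj_write is only safe because of "the previous patch", and neither the commit message nor the code records which patch that is. Please name it by subject or commit id in the message, and consider a short comment above task = get_proc_task(file_inode(file)) saying that writes from inside a container are allowed on purpose because the value is ignored on system-wide OOM; otherwise a backport or revert of the earlier change silently reopens the path this check was closing. Also worth noting in the message: in the lines shown, the removed branch jumped to out without assigning err, so it is not clear from this hunk what a container writer used to get back, and whether user space inside containers will see a behaviour change beyond the write now taking effect. Since the message says the check was originally meant for oom_adj_write, please confirm that function carries no leftover copy of it, as this diff touches only oom_score_adj_write.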