From: Konstantin Khorenko <[email protected]>

ntp service uses clock adjustment algorithm (sys_adjtimex()), so allow it in a Container with VE_FEATURE_TIME feature assigned.
https://jira.sw.ru/browse/PSBM-94635 Signed-off-by: Konstantin Khorenko <[email protected]> https://jira.sw.ru/browse/PSBM-127846 (cherry-picked from vz7 commit dee0301a8848 ("ve/time/ntp: allow CT ntp adjustment time tuning under VE_FEATURE_TIME feature")) Signed-off-by: Pavel Tikhomirov <[email protected]> --- kernel/time/timekeeping.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c index 3b6500c5a357..d8cca5b039c0 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c @@ -27,6 +27,8 @@ #include <linux/compiler.h> #include <linux/audit.h> +#include <uapi/linux/vzcalluser.h> + #include "tick-internal.h" #include "ntp_internal.h" #include "timekeeping_internal.h" @@ -2252,11 +2254,12 @@ static int timekeeping_validate_timex(const struct timex *txc) if (!(txc->modes & ADJ_OFFSET_SINGLESHOT)) return -EINVAL; if (!(txc->modes & ADJ_OFFSET_READONLY) && - !capable(CAP_SYS_TIME)) + !feature_capable(VE_FEATURE_TIME, CAP_SYS_TIME)) return -EPERM; } else { /* In order to modify anything, you gotta be super-user! */ - if (txc->modes && !capable(CAP_SYS_TIME)) + if (txc->modes && + !feature_capable(VE_FEATURE_TIME, CAP_SYS_TIME)) return -EPERM; /* * if the quartz is off by more than 10% then @@ -2270,7 +2273,7 @@ static int timekeeping_validate_timex(const struct timex *txc) if (txc->modes & ADJ_SETOFFSET) { /* In order to inject time, you gotta be super-user! */ - if (!capable(CAP_SYS_TIME)) + if (!feature_capable(VE_FEATURE_TIME, CAP_SYS_TIME)) return -EPERM; /* -- 2.31.1 _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
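Review bot: in the `@@ -27,6 +27,8 @@` hunk, the new `#include <uapi/linux/vzcalluser.h>` names the uapi path directly, and nothing added here declares `feature_capable()`. If that declaration is only reached through an indirect include, add its header explicitly next to this one so the file does not break when include chains change.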
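Review bot: in the `@@ -2252,11 +2254,12 @@` hunk, both checks now pass for a Container holding VE_FEATURE_TIME, but the comment kept above the second one still reads "In order to modify anything, you gotta be super-user!". Update the comment to name the feature. The visible lines only relax the permission check in `timekeeping_validate_timex()` and show nothing that scopes the effect, so the commit message should also state whether the accepted adjustment lands in per-Container time state or in the host-wide timekeeper.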
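Review bot: in the `@@ -2270,7 +2273,7 @@` hunk, the ADJ_SETOFFSET path is relaxed together with the others, yet the commit message only motivates the ntp clock adjustment algorithm, while this branch is the one its own comment describes as injecting time. Either explain in the commit message why a Container with VE_FEATURE_TIME needs ADJ_SETOFFSET, or keep this check as `capable(CAP_SYS_TIME)`. If the relaxation stays, the retained comment "In order to inject time, you gotta be super-user!" needs the same update.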
