[Devel] [PATCH RHEL8 COMMIT] ve/time/ntp: allow CT ntp adjustment time tuning under VE_FEATURE_TIME feature

Fri, 18 Jun 2021 09:15:10 -0700 

The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear 
at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.45
------>
commit 4576f547b2c580b34c3923e8a6400c043ee181ab
Author: Konstantin Khorenko <[email protected]>
Date:   Fri Jun 18 15:13:53 2021 +0300

    ve/time/ntp: allow CT ntp adjustment time tuning under VE_FEATURE_TIME 
feature
    
    ntp service uses clock adjustment algorithm (sys_adjtimex()),
    so allow it in a Container with VE_FEATURE_TIME feature assigned.
    
    https://jira.sw.ru/browse/PSBM-94635
    Signed-off-by: Konstantin Khorenko <[email protected]>
    
    https://jira.sw.ru/browse/PSBM-127846
    (cherry-picked from vz7 commit dee0301a8848 ("ve/time/ntp: allow CT ntp
    adjustment time tuning under VE_FEATURE_TIME feature"))
    Signed-off-by: Pavel Tikhomirov <[email protected]>
---
 kernel/time/timekeeping.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
index 3b6500c5a357..d8cca5b039c0 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -27,6 +27,8 @@
 #include <linux/compiler.h>
 #include <linux/audit.h>
 
+#include <uapi/linux/vzcalluser.h>
+
 #include "tick-internal.h"
 #include "ntp_internal.h"
 #include "timekeeping_internal.h"
@@ -2252,11 +2254,12 @@ static int timekeeping_validate_timex(const struct 
timex *txc)
                if (!(txc->modes & ADJ_OFFSET_SINGLESHOT))
                        return -EINVAL;
                if (!(txc->modes & ADJ_OFFSET_READONLY) &&
-                   !capable(CAP_SYS_TIME))
+                   !feature_capable(VE_FEATURE_TIME, CAP_SYS_TIME))
                        return -EPERM;
        } else {
                /* In order to modify anything, you gotta be super-user! */
-               if (txc->modes && !capable(CAP_SYS_TIME))
+               if (txc->modes &&
+                   !feature_capable(VE_FEATURE_TIME, CAP_SYS_TIME))
                        return -EPERM;
                /*
                 * if the quartz is off by more than 10% then
@@ -2270,7 +2273,7 @@ static int timekeeping_validate_timex(const struct timex 
*txc)
 
        if (txc->modes & ADJ_SETOFFSET) {
                /* In order to inject time, you gotta be super-user! */
-               if (!capable(CAP_SYS_TIME))
+               if (!feature_capable(VE_FEATURE_TIME, CAP_SYS_TIME))
                        return -EPERM;
 
                /*
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel

Reply via email to