The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at
https://src.openvz.org/scm/ovz/vzkernel.git
after ark-5.14
------>
commit b817057893624f70e914dae2df6386ae6700b902
Author: Evgenii Shatokhin <eshatok...@virtuozzo.com>
Date: Fri Sep 24 15:48:46 2021 +0300
ve/fs/locks: Make CAP_LEASE work in containers
Allowing the privileged processes in the containers to set leases on
arbitrary files seems to make no harm. Let us make CAP_LEASE work there.
https://jira.sw.ru/browse/PSBM-46199
Signed-off-by: Evgenii Shatokhin <eshatok...@virtuozzo.com>
Acked-by: Cyrill Gorcunov <gorcu...@openvz.org>
(cherry picked from vz8 commit 3550407163989a6901cfa17922783d1143dd69d1)
Signed-off-by: Andrey Zhadchenko <andrey.zhadche...@virtuozzo.com>
---
fs/locks.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/locks.c b/fs/locks.c
index 74b2a1dfe8d8..3edcf30793d5 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -2000,7 +2000,7 @@ int generic_setlease(struct file *filp, long arg, struct
file_lock **flp,
struct inode *inode = locks_inode(filp);
int error;
- if ((!uid_eq(current_fsuid(), inode->i_uid)) && !capable(CAP_LEASE))
+ if ((!uid_eq(current_fsuid(), inode->i_uid)) && !ve_capable(CAP_LEASE))
return -EACCES;
if (!S_ISREG(inode->i_mode))
return -EINVAL;
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
