The commit is pushed to "branch-rh10-6.12.0-55.13.1.2.x.vz10-ovz" and will
appear at [email protected]:openvz/vzkernel.git
after rh10-6.12.0-55.13.1.2.10.vz10
------>
commit b45a461e9d470ca98e6813d3c72302b111d38023
Author: Pavel Tikhomirov <[email protected]>
Date: Wed Sep 17 18:16:04 2025 +0800
ve/cgroup: Allow attaching to VE root cgroup from VE via cgroup-v2
Before that fix, when we first entered ve cgroup and then tried to
attach to unified cgroup, we saw vzctl exec/stop produce error:
Error writing to /sys/fs/cgroup/machine.slice/<ve>/cgroup.procs
data='<pid>': Operation not permitted
as we were already in ve and ve-restriction to attach to root ve unified
cgroup applied, we should just remove this restriction..
We only had it enabled for corresponding cgroup-v1 files, now let's also
enable for cgroup-v2 files too.
Fixes: ad418fb3f8775 ("ve/cgroup: Allow to write to several safe cgroup
files from CT")
Signed-off-by: Pavel Tikhomirov <[email protected]>
Feature: cgroup: whitelist of writeable files in CT
---
kernel/cgroup/cgroup.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 067d7eb0f655e..9d75e0a7b675c 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -5631,7 +5631,7 @@ static struct cftype cgroup_base_files[] = {
},
{
.name = "cgroup.procs",
- .flags = CFTYPE_NS_DELEGATABLE,
+ .flags = CFTYPE_NS_DELEGATABLE | CFTYPE_VE_WRITABLE,
.file_offset = offsetof(struct cgroup, procs_file),
.release = cgroup_procs_release,
.seq_start = cgroup_procs_start,
@@ -5641,7 +5641,7 @@ static struct cftype cgroup_base_files[] = {
},
{
.name = "cgroup.threads",
- .flags = CFTYPE_NS_DELEGATABLE,
+ .flags = CFTYPE_NS_DELEGATABLE | CFTYPE_VE_WRITABLE,
.release = cgroup_procs_release,
.seq_start = cgroup_threads_start,
.seq_next = cgroup_procs_next,
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
