[rh7,3/3] ve/time/ntp: allow CT ntp adjustment time tuning under VE_FEATURE_TIME feature

Submitted by Konstantin Khorenko on May 24, 2019, 11:32 a.m.

Details

Message ID 20190524113229.30858-4-khorenko@virtuozzo.com
State New
Series "ve/time: allow date/time management from trusted Containers"

Commit Message

Konstantin Khorenko May 24, 2019, 11:32 a.m.
ntp service uses clock adjustment algorithm (sys_adjtimex()),
so allow it in a Container with VE_FEATURE_TIME feature assigned.

https://jira.sw.ru/browse/PSBM-94635

Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
---
 kernel/time/ntp.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

Patch

diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c
index 026d94e96df4..0552d58d27d6 100644
--- a/kernel/time/ntp.c
+++ b/kernel/time/ntp.c
@@ -17,6 +17,8 @@ 
 #include <linux/module.h>
 #include <linux/rtc.h>
 
+#include <uapi/linux/vzcalluser.h>
+
 #include "tick-internal.h"
 #include "ntp_internal.h"
 
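Review bot: The only header added at the top of ntp.c is <uapi/linux/vzcalluser.h>, presumably for VE_FEATURE_TIME, while the later hunks also start calling feature_capable() and nothing visible here brings in its declaration. Please confirm it is reachable through the existing includes in every configuration this file is built in, or include the declaring header explicitly next to this one.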
@@ -642,11 +644,12 @@  int ntp_validate_timex(struct timex *txc)
 		if (!(txc->modes & ADJ_OFFSET_SINGLESHOT))
 			return -EINVAL;
 		if (!(txc->modes & ADJ_OFFSET_READONLY) &&
-		    !capable(CAP_SYS_TIME))
+		    !feature_capable(VE_FEATURE_TIME, CAP_SYS_TIME))
 			return -EPERM;
 	} else {
 		/* In order to modify anything, you gotta be super-user! */
-		 if (txc->modes && !capable(CAP_SYS_TIME))
+		 if (txc->modes &&
+		     !feature_capable(VE_FEATURE_TIME, CAP_SYS_TIME))
 			return -EPERM;
 		/*
 		 * if the quartz is off by more than 10% then
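Review bot: The comment "In order to modify anything, you gotta be super-user!" in the else branch no longer describes the check beneath it, since feature_capable(VE_FEATURE_TIME, CAP_SYS_TIME) now also lets a Container with the feature through; update the comment to match. Neither the hunk nor the commit message says what feature_capable() requires (the feature bit together with CAP_SYS_TIME inside the CT, or either one), or whether an adjustment made from a CT stays confined to it or reaches a clock shared with the host and other Containers. Both belong in the commit message, because these are the lines that widen a privileged time operation. The rewritten condition in the else branch also keeps the tab-plus-space indent of the line it replaces; worth normalising while touching it.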
@@ -658,7 +661,8 @@  int ntp_validate_timex(struct timex *txc)
 			return -EINVAL;
 	}
 
-	if ((txc->modes & ADJ_SETOFFSET) && (!capable(CAP_SYS_TIME)))
+	if ((txc->modes & ADJ_SETOFFSET) &&
+	    (!feature_capable(VE_FEATURE_TIME, CAP_SYS_TIME)))
 		return -EPERM;
 
 	return 0;
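Review bot: The ADJ_SETOFFSET check is relaxed along with the other two, but ADJ_SETOFFSET steps the clock by a caller-supplied offset in a single call rather than slewing it, and the commit message motivates the change only with the ntp service's adjustment algorithm. If Containers need stepping as well, say so in the commit message; otherwise leave this check as !capable(CAP_SYS_TIME). The expression feature_capable(VE_FEATURE_TIME, CAP_SYS_TIME) now appears three times in ntp_validate_timex(); a small local helper would keep the three checks from drifting apart.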