[RHEL8,COMMIT] ve: allow writing to features and iptables_mask in pseudosuper state

Submitted by Konstantin Khorenko on Dec. 22, 2020, 1:48 p.m.

Details

Message ID 202012221348.0BMDm3Sa228579@finist-co8.sw.ru
State New
Series "ve: allow writing to features and iptables_mask in pseudosuper state"
Headers show

Commit Message

Konstantin Khorenko Dec. 22, 2020, 1:48 p.m.
The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.3
------>
commit 347eb23fe824e903516f1c80fa6bcbe01b6d28e0
Author: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Date:   Tue Dec 22 16:48:03 2020 +0300

    ve: allow writing to features and iptables_mask in pseudosuper state
    
    This is needed by criu to be able to restore those ops from
    vz-rst-action action script setup on setup-namespaces stage.
    This is effectively a port from vz7 kernel.
    
    While on it let's also fix missprint in ve_features_write name.
    
    https://jira.sw.ru/browse/PSBM-120728
    
    Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
---
 kernel/ve/ve.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

Patch hide | download patch | download mbox

diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index 3f53641455ad..65a1ea27b738 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -930,11 +930,12 @@  static u64 ve_reatures_read(struct cgroup_subsys_state *css, struct cftype *cft)
 	return css_to_ve(css)->features;
 }
 
-static int ve_reatures_write(struct cgroup_subsys_state *css, struct cftype *cft, u64 val)
+static int ve_features_write(struct cgroup_subsys_state *css, struct cftype *cft, u64 val)
 {
 	struct ve_struct *ve = css_to_ve(css);
 
-	if (!ve_is_super(get_exec_env()))
+	if (!ve_is_super(get_exec_env()) &&
+	    !ve->is_pseudosuper)
 		return -EPERM;
 
 	down_write(&ve->op_sem);
@@ -957,7 +958,8 @@  static int ve_iptables_mask_write(struct cgroup_subsys_state *css, struct cftype
 {
 	struct ve_struct *ve = css_to_ve(css);
 
-	if (!ve_is_super(get_exec_env()))
+	if (!ve_is_super(get_exec_env()) &&
+	    !ve->is_pseudosuper)
 		return -EPERM;
 
 	down_write(&ve->op_sem);
@@ -1285,7 +1287,7 @@  static struct cftype ve_cftypes[] = {
 		.name			= "features",
 		.flags			= CFTYPE_NOT_ON_ROOT,
 		.read_u64		= ve_reatures_read,
-		.write_u64		= ve_reatures_write,
+		.write_u64		= ve_features_write,
 	},
 	{
 		.name			= "os_release",