similar to: [PATCH] xen: replace strict_strtoul() with kstrtoul()

This patch introcude cfq_cgroup structure which is type for group control within expanded CFQ scheduler. In addition, the cfq_cgroup structure has "ioprio" entry which is preference of group for I/O. Signed-off-by: Satoshi UCHIDA <s-uchida at ap.jp.nec.com> --- block/cfq-cgroup.c | 148 +++++++++++++++++++++++++++++++++++++++++

> How do I start a process with a limited set of capabilities under > another uid? > > Use the sucap utility which changes uid from root without loosing any > capabilities. Normally all capabilities are cleared when changing uid > from root. The sucap utility requires the CAP_SETPCAP capability. > The following example starts updated under uid updated and gid updated >

On 4/30/19 3:15 PM, Peter Crowther wrote: > On Tue, 30 Apr 2019 at 10:48, Daniel P. Berrangé <berrange@redhat.com> > wrote: > >> On Tue, Apr 30, 2019 at 10:45:03AM +0100, Peter Crowther wrote: >>> On Tue, 30 Apr 2019 at 10:40, Michal Privoznik <mprivozn@redhat.com> >> wrote: >>> >>>> Is there any problem running libvirtd as root?

Filesystem rebalancing (BTRFS_IOC_BALANCE) affects the entire filesystem and may run uninterruptibly for a long time. This does not seem to be something that an unprivileged user should be able to do. Reported-by: Aron Xu <happyaron.xu@gmail.com> Signed-off-by: Ben Hutchings <ben@decadent.org.uk> --- fs/btrfs/volumes.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-)

This code in vhost_scsi_make_tpg() is confusing because we limit "tpgt" to UINT_MAX but the data type of "tpg->tport_tpgt" and that is a u16. I looked at the context and it turns out that in vhost_scsi_set_endpoint(), "tpg->tport_tpgt" is used as an offset into the vs_tpg[] array which has VHOST_SCSI_MAX_TARGET (256) elements so anything higher than 255 then it

This code in vhost_scsi_make_tpg() is confusing because we limit "tpgt" to UINT_MAX but the data type of "tpg->tport_tpgt" and that is a u16. I looked at the context and it turns out that in vhost_scsi_set_endpoint(), "tpg->tport_tpgt" is used as an offset into the vs_tpg[] array which has VHOST_SCSI_MAX_TARGET (256) elements so anything higher than 255 then it

This patch introduces iprio class for cfq data control layer. By applying this patch, controller can also handle the RT/IDLE properties among groups. Signed-off-by: Satoshi UCHIDA <s-uchida at ap.jp.nec.com> --- block/cfq-cgroup.c | 344 +++++++++++++++++++++++++------------------ include/linux/cfq-iosched.h | 1 + 2 files changed, 203 insertions(+), 142 deletions(-)

This patch introduces iprio class for cfq data control layer. By applying this patch, controller can also handle the RT/IDLE properties among groups. Signed-off-by: Satoshi UCHIDA <s-uchida at ap.jp.nec.com> --- block/cfq-cgroup.c | 344 +++++++++++++++++++++++++------------------ include/linux/cfq-iosched.h | 1 + 2 files changed, 203 insertions(+), 142 deletions(-)

Hi! I with my colleagues from Samsung trying to run systemd in Linux container. I saw that the others are experimenting in this topic, so I would like to present the results of my work and tests, perhaps it will be helpful to others. As the prototype I used a manual written by Daniel: https://www.berrange.com/posts/2013/08/12/running-a-full-fedora-os-inside-a-libvirt-lxc-guest/ After many

This patch to the balloon driver eliminates the need for a user-space program to slosh memory between domains and xen. This uses a proc file at /proc/xen/memory_target. When read it reports memory the domain owns in bytes. Writing a new value to the memory_target proc file will cause the domain to exchange memory with xen to reach the target. A xenolinux domain cannot grow bigger than it was

This patch add a interface for parameter of cfq driver data. Signed-off-by: Satoshi UCHIDA <s-uchida at ap.jp.nec.com> --- block/cfq-cgroup.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 files changed, 58 insertions(+), 1 deletions(-) diff --git a/block/cfq-cgroup.c b/block/cfq-cgroup.c index 4938fa0..776874d 100644 --- a/block/cfq-cgroup.c +++

On Tue, 30 Apr 2019 at 10:48, Daniel P. Berrangé <berrange@redhat.com> wrote: > On Tue, Apr 30, 2019 at 10:45:03AM +0100, Peter Crowther wrote: > > On Tue, 30 Apr 2019 at 10:40, Michal Privoznik <mprivozn@redhat.com> > wrote: > > > > > Is there any problem running libvirtd as root? > > > > > > Yes, in the regulated environment in which I

Add a mount option user_subvol_rm_allowed that allows users to delete a (potentially non-empty!) subvol when they would otherwise we allowed to do an rmdir(2). We duplicate the may_delete() checks from the core VFS code to implement identical security checks (minus the directory size check). Signed-off-by: Sage Weil <sage@newdream.net> --- fs/btrfs/ctree.h | 1 + fs/btrfs/ioctl.c |

Hi all. Has someone success story with using autofs + nfs inside libvirt LXC container ? In my case nfs client and server in lxc work just fine, but with autofs hang on system call state(). I use CE7_64 on nodes and inside container with libvirt 1.2.18 May be I must set some of capabilities in <feature> (http://man7.org/linux/man-pages/man7/capabilities.7.html) ? I try only CAP_SYS_ADMIN

On Tue, Apr 30, 2019 at 10:45:03AM +0100, Peter Crowther wrote: > On Tue, 30 Apr 2019 at 10:40, Michal Privoznik <mprivozn@redhat.com> wrote: > > > Is there any problem running libvirtd as root? > > > > Yes, in the regulated environment in which I work! I have to do far more > thorough threat analysis than I would do if I knew which capabilities it > had. So

Hi, Quoting Pol Van Aubel (2020-01-21 23:41:48) > Hi, > > Quoting Pavel Hrdina (2020-01-21 12:53:49) > > Thanks for the logs, but it did not help to figure out where the issue > > is. I was hoping to see some error output from the syscall but the line > > that should contain it is empty: > > > > 2020-01-20 19:47:15.589+0000: 8579: debug :

Hi, A week ago I submitted an early patch, please ignore it. The patch attached to this email has been tested and seems to work for me. I have also attached instead of inline to solve problems with spaces/tabs. The patch will, on systems that have libcap support, drop capabilities that Dovecot doesn't need. For example there is no need for CAP_SYS_MODULE, which enables module

https://bugzilla.mindrot.org/show_bug.cgi?id=3714 Bug ID: 3714 Summary: sftp fails in one direction Product: Portable OpenSSH Version: 9.2p1 Hardware: ARM64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: sftp Assignee: unassigned-bugs at mindrot.org

Hi all, following the thread about the BTRFS_IOC_TREE_SEARCH ioctl [1], I made a patch which try to address the problem of restarting the ioctl. In the current solution is the application during the restart of the search to fill the min_* fields in the "struct btrfs_ioctl_search_key". In general the values set are the last one returned "+1". But doing so we reduce the

Hi Joe, Thank you for the patch. On Monday 31 Jul 2017 11:29:13 Joe Kniss wrote: > New getfb2 functionality uses drm_mode_fb_cmd2 struct to be symmetric > with addfb2. What's the use case for this ? We haven't needed such an ioctl for so long that it seemed to me that userspace doesn't really need it, but I could be wrong. > Also modifies *_fb_create_handle() calls to