devtmpfs is virtualized, so it has to be secure. v2: fix return code
Signed-off-by: Andrew Vagin <ava...@openvz.org>
---
 drivers/base/devtmpfs.c | 5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c
index c28e42c..f21e292 100644
--- a/drivers/base/devtmpfs.c
+++ b/drivers/base/devtmpfs.c
@@ -58,6 +58,9 @@ __setup("devtmpfs.mount=", mount_param);
 static struct dentry *dev_mount(struct file_system_type *fs_type, int flags,
 const char *dev_name, void *data)
 {
+ if (get_exec_env()->init_cred->user_ns != current_user_ns())
+ return ERR_PTR(-EPERM);
+
 #ifdef CONFIG_TMPFS
 return mount_ns(fs_type, flags, data, get_exec_env(), shmem_fill_super);
 #else
@@ -69,7 +72,7 @@ static struct file_system_type dev_fs_type = {
 .name = "devtmpfs",
 .mount = dev_mount,
 .kill_sb = kill_litter_super,
- .fs_flags = FS_VIRTUALIZED,
+ .fs_flags = FS_VIRTUALIZED | FS_USERNS_MOUNT | FS_USERNS_DEV_MOUNT,
 };
 
 #ifdef CONFIG_BLOCK
-- 
1.7.1
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
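Review bot: The guard added at the top of dev_mount() dereferences `get_exec_env()->init_cred` without a NULL check and has no comment saying what it protects. If init_cred can be unset for some environment (for example before a container's init has started, or on the kernel's own mount of devtmpfs; neither is visible in this hunk), this is a NULL dereference on a mount path that the second hunk opens to user namespaces, so the invariant should be confirmed or guarded. I would also put `/* Only the container's init user namespace may mount its devtmpfs; nested user namespaces get -EPERM. */` above the check, because this comparison is what narrows the FS_USERNS_MOUNT permission granted below. The function body continues past the end of the hunk (the #else branch).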
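Review bot: `FS_USERNS_DEV_MOUNT` in dev_fs_type keeps device nodes on this mount usable for a mounter in a non-initial user namespace instead of forcing the mount nodev, and nothing next to the flags records why that is safe. Presumably it relies on each container getting its own instance through mount_ns() and on device access being restricted elsewhere; that assumption belongs beside the initializer, e.g. `/* userns mounts: only the VE's init userns passes dev_mount(); nodes are per-VE, device access limited by <mechanism> */`. The user-namespace comparison runs only in dev_mount(), so it is worth confirming that no other operation enabled by FS_USERNS_MOUNT needs the same check.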