On 05.10.2015 17:03, Andrew Vagin wrote:
> On Mon, Oct 05, 2015 at 02:47:49PM +0300, Kirill Tkhai wrote:
>> https://jira.sw.ru/browse/PSBM-40100
>>
>> v2: Check that user_ns is initial for the ve.
>> NB: "vzctl enter" does not use the initial cred,
>> so I tested this using an /etc/rc.local script.
>>
>> Signed-off-by: Kirill Tkhai <ktk...@odin.com>
>> ---
>>  fs/binfmt_misc.c |    4 +++-
>>  fs/ext4/super.c  |    6 +++++-
>>  2 files changed, 8 insertions(+), 2 deletions(-)
>>
>> diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c
>> index 90c306e..ffbc8fa 100644
>> --- a/fs/binfmt_misc.c
>> +++ b/fs/binfmt_misc.c
>> @@ -735,6 +735,8 @@ static int bm_fill_super(struct super_block * sb, void * 
>> data, int silent)
>>  static struct dentry *bm_mount(struct file_system_type *fs_type,
>>      int flags, const char *dev_name, void *data)
>>  {
>> +    if (get_exec_env()->init_cred->user_ns != current_user_ns())
> 
> init_cred is set in ve_start_container(), before this moment it's NULL

Yeah, I agree we should fix that independently of the current vzctl behaviour.
 
>> +            return ERR_PTR(-EPERM);
>>      return mount_ns(fs_type, flags, get_exec_env(), bm_fill_super);
>>  }
>>  
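Review bot: The user-namespace gate added to bm_mount is repeated verbatim in ext4_mount in the fs/ext4/super.c hunk; since the same condition now decides whether a container may mount two different filesystems, a small `static inline` helper in linux/ve.h (which the ext4 hunk already includes) would keep the two in step and give later fixes a single place to land. The line also deserves a why-comment, because from the code alone it is not obvious that it is what narrows the new FS_USERNS_MOUNT flag to the VE's own initial namespace rather than any nested one, e.g. `/* FS_USERNS_MOUNT lets non-init user namespaces reach ->mount; only the VE's initial user_ns may mount this fs */`. Whether the generic mount path still requires CAP_SYS_ADMIN in that namespace before ->mount is called is not visible here and is worth stating in the commit description.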
>> @@ -748,7 +750,7 @@ static struct file_system_type bm_fs_type = {
>>      .name           = "binfmt_misc",
>>      .mount          = bm_mount,
>>      .kill_sb        = kill_litter_super,
>> -    .fs_flags       = FS_VIRTUALIZED,
>> +    .fs_flags       = FS_VIRTUALIZED | FS_USERNS_MOUNT,
>>  };
>>  MODULE_ALIAS_FS("binfmt_misc");
>>  
>> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
>> index 5209777..b67d6be 100644
>> --- a/fs/ext4/super.c
>> +++ b/fs/ext4/super.c
>> @@ -39,6 +39,7 @@
>>  #include <linux/log2.h>
>>  #include <linux/crc16.h>
>>  #include <linux/cleancache.h>
>> +#include <linux/ve.h>
>>  #include <asm/uaccess.h>
>>  
>>  #include <linux/kthread.h>
>> @@ -5642,6 +5643,8 @@ static ssize_t ext4_quota_write(struct super_block 
>> *sb, int type,
>>  static struct dentry *ext4_mount(struct file_system_type *fs_type, int 
>> flags,
>>                     const char *dev_name, void *data)
>>  {
>> +    if (get_exec_env()->init_cred->user_ns != current_user_ns())
>> +            return ERR_PTR(-EPERM);
>>      return mount_bdev(fs_type, flags, dev_name, data, ext4_fill_super);
>>  }
>>  
>> @@ -5727,7 +5730,8 @@ static struct file_system_type ext4_fs_type = {
>>      .mount          = ext4_mount,
>>      .kill_sb        = ext4_kill_sb,
>>      .fs_flags       = FS_REQUIRES_DEV | FS_HAS_INVALIDATE_RANGE |
>> -                      FS_VIRTUALIZED | FS_HAS_MMAP_PREP,
>> +                      FS_VIRTUALIZED | FS_HAS_MMAP_PREP | FS_USERNS_MOUNT |
>> +                      FS_USERNS_DEV_MOUNT,
>>  };
>>  MODULE_ALIAS_FS("ext4");
>>  
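Review bot: Adding FS_USERNS_DEV_MOUNT to ext4_fs_type means a device-backed ext4 image can now be mounted by a caller inside a VE's user namespace, so the on-disk metadata ext4 parses is supplied by container root rather than host root, and neither the initializer nor the commit description says so or that the only gate is the user_ns comparison in ext4_mount. A comment on the flags line, e.g. `/* userns/dev mounts are allowed only from the VE's initial user_ns, see ext4_mount() */`, plus a sentence in the description on why ext4 needs device mounts from containers, would make the trust boundary explicit. Whether block-device access from inside the VE is limited elsewhere (for example by a device cgroup) is not visible in this patch and should be confirmed.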
>>