Since VE's init now starts in the VE's own user_ns, we should allow CT programs to mount nfs and nfsd.
https://jira.sw.ru/browse/PSBM-40047
Signed-off-by: Kirill Tkhai <ktk...@odin.com>
---
[This series should go on top of "ve: Implement current_user_ns_initial() helper" series]
 fs/nfs/super.c | 6 ++++--
 fs/nfsd/nfsctl.c | 4 +++-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/fs/nfs/super.c b/fs/nfs/super.c
index 4951b77..0465698 100644
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -297,7 +297,7 @@ struct file_system_type nfs_fs_type = {
 .mount = nfs_fs_mount,
 .kill_sb = nfs_kill_super,
 .fs_flags = FS_RENAME_DOES_D_MOVE|FS_BINARY_MOUNTDATA|
- FS_VIRTUALIZED,
+ FS_VIRTUALIZED|FS_USERNS_MOUNT,
 };
 MODULE_ALIAS_FS("nfs");
 EXPORT_SYMBOL_GPL(nfs_fs_type);
@@ -338,7 +338,7 @@ struct file_system_type nfs4_fs_type = {
 .mount = nfs_fs_mount,
 .kill_sb = nfs_kill_super,
 .fs_flags = FS_RENAME_DOES_D_MOVE|FS_BINARY_MOUNTDATA|
- FS_VIRTUALIZED,
+ FS_VIRTUALIZED|FS_USERNS_MOUNT,
 };
 MODULE_ALIAS_FS("nfs4");
 MODULE_ALIAS("nfs4");
@@ -2636,6 +2636,8 @@ struct dentry *nfs_fs_mount(struct file_system_type *fs_type,
 if (!(get_exec_env()->features & VE_FEATURE_NFS))
 return ERR_PTR(-ENODEV);
+ if (!current_user_ns_initial())
+ return ERR_PTR(-EPERM);
 mount_info.parsed = nfs_alloc_parsed_mount_data();
 mount_info.mntfh = nfs_alloc_fhandle();
diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
index 048d61d..1f06f7c 100644
--- a/fs/nfsd/nfsctl.c
+++ b/fs/nfsd/nfsctl.c
@@ -1126,6 +1126,8 @@ static int nfsd_fill_super(struct super_block * sb, void * data, int silent)
 static struct dentry *nfsd_mount(struct file_system_type *fs_type,
 int flags, const char *dev_name, void *data)
 {
+ if (!current_user_ns_initial())
+ return ERR_PTR(-EPERM);
 return mount_ns(fs_type, flags, current->nsproxy->net_ns, nfsd_fill_super);
 }
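Review bot: Adding `FS_USERNS_MOUNT` next to `FS_BINARY_MOUNTDATA` in `nfs_fs_type.fs_flags` makes the binary mount-data path reachable by a caller that is privileged only inside a container's user namespace, and nothing at the flag says what keeps that safe. The only gate visible in this patch is the `current_user_ns_initial()` test added to `nfs_fs_mount()` further down, so the flag and the test have to land and be backported together. I would record that at the flag, e.g. `/* FS_USERNS_MOUNT: CT root may mount; nfs_fs_mount() gates on current_user_ns_initial() */`. The same applies to the `nfs4_fs_type` hunk and to `nfsd_fs_type` in fs/nfsd/nfsctl.c, where the gate is in `nfsd_mount()`. The initializer starts above this hunk.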
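Review bot: The new guard in `nfs_fs_mount()` carries no comment, and the helper name `current_user_ns_initial()` can be read as "the host's init_user_ns", which is the opposite of what the commit message intends. The helper is defined in a different series, so a reader of this file cannot tell which namespaces receive `-EPERM`. Assuming it tests for the VE's own initial user namespace, a comment above the check such as `/* only the VE's initial user_ns may mount; user namespaces nested inside the CT get -EPERM */` would make the policy auditable. The identical guard added to `nfsd_mount()` would benefit from the same comment. The function body starts and ends outside this hunk.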
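Review bot: `nfsd_mount()` now has the user-namespace test as its only gate, whereas `nfs_fs_mount()` in the same patch also requires `get_exec_env()->features & VE_FEATURE_NFS` before it. With `FS_USERNS_MOUNT` set on `nfsd_fs_type`, any container whose root is in the VE's initial user namespace can presumably mount the nfsd control filesystem, unless a per-VE feature check exists somewhere not shown here (for example in `nfsd_fill_super()`). If there is no such check, an equivalent feature gate belongs ahead of the `mount_ns()` call; if there is one, a one-line comment pointing at it would help. The guard also says nothing about `current->nsproxy->net_ns`, which keys the superblock, so it is worth confirming that a net namespace created inside the CT is an acceptable target.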
@@ -1142,7 +1144,7 @@ static struct file_system_type nfsd_fs_type = {
 .name = "nfsd",
 .mount = nfsd_mount,
 .kill_sb = nfsd_umount,
- .fs_flags = FS_VIRTUALIZED,
+ .fs_flags = FS_VIRTUALIZED|FS_USERNS_MOUNT,
 };
 MODULE_ALIAS_FS("nfsd");
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel