On Tue, Oct 06, 2015 at 12:35:51PM +0300, Kirill Tkhai wrote:
...
> @@ -735,6 +735,8 @@ static int bm_fill_super(struct super_block * sb, void *
> data, int silent)
> static struct dentry *bm_mount(struct file_system_type *fs_type,
> int flags, const char *dev_name, void *data)
> {
> + if (!current_user_ns_initial())
> + return ERR_PTR(-EPERM);
FWIW, I think we should use this new nice helper in dev_mount too
instead of open-coding the ve->init_cred->user_ns check.
> return mount_ns(fs_type, flags, get_exec_env(), bm_fill_super);
> }
>
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
