On 06.10.2015 23:30, Vladimir Davydov wrote: > On Tue, Oct 06, 2015 at 12:35:51PM +0300, Kirill Tkhai wrote: > ... >> @@ -735,6 +735,8 @@ static int bm_fill_super(struct super_block * sb, void * >> data, int silent) >> static struct dentry *bm_mount(struct file_system_type *fs_type, >> int flags, const char *dev_name, void *data) >> { >> + if (!current_user_ns_initial()) >> + return ERR_PTR(-EPERM); > > FWIW, I think we should use this new nice helper in dev_mount too > instead of open-coding the ve->init_cred->user_ns check.
Good idea. I sent one more patch. >> return mount_ns(fs_type, flags, get_exec_env(), bm_fill_super); >> } >> _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel