The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.8.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git after rh7-3.10.0-229.7.2.vz7.8.3 ------> commit 47bd23dcf7807cc7f2f1300bf039c495f795437c Author: Kirill Tkhai <ktk...@odin.com> Date: Wed Oct 7 14:47:07 2015 +0400
ve/fs: Allow to mount ext4 and binfmt_misc under non-root ns https://jira.sw.ru/browse/PSBM-40100 v2: Check that user_ns is initial for the ve. v3: Be sure ve->init_cred is set. Signed-off-by: Kirill Tkhai <ktk...@odin.com> Acked-by: Vladimir Davydov <vdavy...@virtuozzo.com> khorenko@: in fact we allowed to do those mounts in top CT user ns only.
---
 fs/binfmt_misc.c | 4 +++-
 fs/ext4/super.c | 6 +++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c
index 90c306e..fd5227f 100644
--- a/fs/binfmt_misc.c
+++ b/fs/binfmt_misc.c
@@ -735,6 +735,8 @@ static int bm_fill_super(struct super_block * sb, void * data, int silent)
 static struct dentry *bm_mount(struct file_system_type *fs_type, int flags, const char *dev_name, void *data)
 {
+ if (!current_user_ns_initial())
+ return ERR_PTR(-EPERM);
 return mount_ns(fs_type, flags, get_exec_env(), bm_fill_super);
 }
@@ -748,7 +750,7 @@ static struct file_system_type bm_fs_type = {
 .name = "binfmt_misc",
 .mount = bm_mount,
 .kill_sb = kill_litter_super,
- .fs_flags = FS_VIRTUALIZED,
+ .fs_flags = FS_VIRTUALIZED | FS_USERNS_MOUNT,
 };
 MODULE_ALIAS_FS("binfmt_misc");
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 5209777..be7efb8 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -39,6 +39,7 @@
 #include <linux/log2.h>
 #include <linux/crc16.h>
 #include <linux/cleancache.h>
+#include <linux/ve.h>
 #include <asm/uaccess.h>
 #include <linux/kthread.h>
@@ -5642,6 +5643,8 @@ out:
 static struct dentry *ext4_mount(struct file_system_type *fs_type, int flags, const char *dev_name, void *data)
 {
+ if (!current_user_ns_initial())
+ return ERR_PTR(-EPERM);
 return mount_bdev(fs_type, flags, dev_name, data, ext4_fill_super);
 }
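Review bot: The check added at the top of `bm_mount()` is the only barrier against nested user namespaces once `FS_USERNS_MOUNT` is set on `bm_fs_type` in the next hunk, and nothing in the code records that coupling; the same holds for `ext4_mount()` and `ext4_fs_type` in the ext4 hunks. Because the flag and the gate sit in different places, a later cleanup that drops or moves the check would open the mount to every user namespace in the container without any visible warning. I would put a comment above each check, for example `/* FS_USERNS_MOUNT lets userns root reach ->mount; only the VE's initial user ns may mount here */`. `current_user_ns_initial()` is not defined in this patch, so it is worth confirming against its definition that it fails closed when `ve->init_cred` is not yet set, which the v3 note in the description suggests was a concern.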
@@ -5727,7 +5730,8 @@ static struct file_system_type ext4_fs_type = {
 .mount = ext4_mount,
 .kill_sb = ext4_kill_sb,
 .fs_flags = FS_REQUIRES_DEV | FS_HAS_INVALIDATE_RANGE |
- FS_VIRTUALIZED | FS_HAS_MMAP_PREP,
+ FS_VIRTUALIZED | FS_HAS_MMAP_PREP | FS_USERNS_MOUNT |
+ FS_USERNS_DEV_MOUNT,
 };
 MODULE_ALIAS_FS("ext4");
_______________________________________________
Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel
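Review bot: Setting `FS_USERNS_MOUNT | FS_USERNS_DEV_MOUNT` in `ext4_fs_type.fs_flags` lets container root hand the kernel an ext4 image it controls, and, as that flag is defined upstream, the resulting mount is not forced to nodev; the patch leaves no comment on what this relies on. ext4 metadata parsing is not hardened against crafted images, and device nodes or setuid files on such an image would be honoured inside the container. The safety therefore presumably rests on which block devices the VE can open and on its device access policy, neither of which is visible in this hunk. I would state that dependency next to the flags, for example `/* userns mounts are gated in ext4_mount(); device-node safety depends on the VE device access policy */`, with the wording adjusted to whatever actually enforces it.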