After rebase to RH8.4 we now have alternative code path to mount bdev
for filesystems which switched to new mount api (e.g. checked it on
xfs). Without this fix if block device with xfs is available in
container and has "b major:minor rM" device cgroup allow rule for this
container, the user inside would still not be able to mount this disk,
which means "M" would not work.
Note: we use "M" instead of "w" when we want to only allow mounting of
the given disk but not writes to it.
Fixes: 6d716d983506 ("device_cgroup: add device visibility virtualization in
CT")
Signed-off-by: Pavel Tikhomirov <[email protected]>
---
fs/super.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/super.c b/fs/super.c
index a68ab7d3e1b7..2edab581b876 100644
--- a/fs/super.c
+++ b/fs/super.c
@@ -1328,7 +1328,7 @@ int get_tree_bdev(struct fs_context *fc,
if (!fc->source)
return invalf(fc, "No source specified");
- bdev = blkdev_get_by_path(fc->source, mode, fc->fs_type);
+ bdev = blkdev_get_by_path(fc->source, mode | FMODE_MOUNT, fc->fs_type);
if (IS_ERR(bdev)) {
errorf(fc, "%s: Can't open blockdev", fc->source);
return PTR_ERR(bdev);
--
2.31.1
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
