[Devel] [PATCH RH7] sysfs: propagate access to all sub-directories hierarchically

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Wed Aug 26 03:28:48 PDT 2015 

Docker test TestGetContainerStats asks docker to get network
stats of container. Docker tries to get network devices stats
like count of bytes or packets sent/received from:
/sys/class/net/[device_name]/statistics/*

We showed only statistics directory but not it's content as
namespace tag check went up only for one level. So make this
check fully hierarchical for docker.

https://jira.sw.ru/browse/PSBM-34523
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
 fs/sysfs/dir.c   | 10 +++++++---
 fs/sysfs/inode.c |  8 ++++++--
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
index da73287..b4a7fda 100644
--- a/fs/sysfs/dir.c
+++ b/fs/sysfs/dir.c
@@ -77,14 +77,18 @@ static int sysfs_sd_compare(const struct sysfs_dirent *left,
 static bool sysfs_sd_visible(struct sysfs_dirent *sd, struct super_block *sb)
 {
 	struct ve_struct *ve = sysfs_info(sb)->ve;
+	struct sysfs_dirent *tmp_sd = sd;
 
 	/* Host sees anything */
 	if (ve_is_super(ve))
 		return true;
 
-	/* Entries with namespace tag always visible */
-	if (sd->s_ns || (sd->s_parent && sd->s_parent->s_ns))
-		return true;
+	/* Entries with namespace tag and their sub-entries always visible */
+	while (tmp_sd) {
+		if (tmp_sd->s_ns)
+			return true;
+		tmp_sd = tmp_sd->s_parent;
+	}
 
 	/* Symlinks are visible if target sd is visible */
 	if (sysfs_type(sd) == SYSFS_KOBJ_LINK)
diff --git a/fs/sysfs/inode.c b/fs/sysfs/inode.c
index 45f5212..7e54859 100644
--- a/fs/sysfs/inode.c
+++ b/fs/sysfs/inode.c
@@ -345,13 +345,17 @@ int sysfs_hash_and_remove(struct sysfs_dirent *dir_sd, const void *ns, const cha
 static int sysfs_sd_permission(struct sysfs_dirent *sd, int mask)
 {
 	struct ve_struct *ve = get_exec_env();
+	struct sysfs_dirent *tmp_sd = sd;
 	int perm;
 
 	if (ve_is_super(ve))
 		return 0;
 
-	if (sd->s_ns || (sd->s_parent && sd->s_parent->s_ns))
-		return 0;
+	while (tmp_sd) {
+		if (tmp_sd->s_ns)
+			return 0;
+		tmp_sd = tmp_sd->s_parent;
+	}
 
 	if (sysfs_type(sd) == SYSFS_KOBJ_LINK)
 		sd = sd->s_symlink.target_sd;
-- 
1.9.3

More information about the Devel mailing list