[Devel] [PATCH 2/2] fs: allow to mount devtmpfs in a non-root userns
Andrew Vagin
avagin at openvz.org
Wed Aug 26 03:40:20 PDT 2015
devtmpfs is virtualized, so it has to be secure.
Signed-off-by: Andrew Vagin <avagin at openvz.org>
---
drivers/base/devtmpfs.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c
index c28e42c..66c8dd2 100644
--- a/drivers/base/devtmpfs.c
+++ b/drivers/base/devtmpfs.c
@@ -58,6 +58,9 @@ __setup("devtmpfs.mount=", mount_param);
static struct dentry *dev_mount(struct file_system_type *fs_type, int flags,
const char *dev_name, void *data)
{
+ if (get_exec_env()->init_cred->user_ns != current_user_ns())
+ return -EPERM;
+
#ifdef CONFIG_TMPFS
return mount_ns(fs_type, flags, data, get_exec_env(), shmem_fill_super);
#else
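Review bot: The added early exit in dev_mount() returns a bare `-EPERM` from a function whose return type is `struct dentry *`; mount callbacks report failure as an encoded error pointer, so this should be `return ERR_PTR(-EPERM);`. As written, the int-to-pointer conversion draws a compiler warning, and it yields a value that IS_ERR() recognises only if the int is sign-extended to pointer width, which is implementation-defined. This check is the only visible guard keeping a user namespace other than the container's own from mounting devtmpfs, so a one-line comment above it would help, e.g. `/* only the VE's own user namespace may mount its devtmpfs */`. The body of dev_mount() continues past the end of this hunk.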
@@ -69,7 +72,7 @@ static struct file_system_type dev_fs_type = {
.name = "devtmpfs",
.mount = dev_mount,
.kill_sb = kill_litter_super,
- .fs_flags = FS_VIRTUALIZED,
+ .fs_flags = FS_VIRTUALIZED | FS_USERNS_MOUNT | FS_USERNS_DEV_MOUNT,
};
#ifdef CONFIG_BLOCK
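Review bot: The new `.fs_flags` value opens devtmpfs to user-namespace mounts without any comment on why that is safe, and the commit message gives only "virtualized" as the reason. The safety argument appears to rest on the `user_ns` comparison added to dev_mount() in the first hunk and, presumably, on per-container device access control enforced elsewhere; neither is visible from this struct. I would add a comment above the field such as `/* userns mounts are safe only because dev_mount() rejects any user_ns other than the VE's init_cred->user_ns */`, so that a later change to dev_mount() does not silently drop the restriction while the flags stay set.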
--
1.7.1