[Devel] [PATCH 2/2] fs: allow to mount devtmpfs in a non-root userns

Andrew Vagin avagin at openvz.org
Wed Aug 26 03:40:20 PDT 2015


devtmpfs is virtualized, so it has to be secure.

Signed-off-by: Andrew Vagin <avagin at openvz.org>
---
 drivers/base/devtmpfs.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c
index c28e42c..66c8dd2 100644
--- a/drivers/base/devtmpfs.c
+++ b/drivers/base/devtmpfs.c
@@ -58,6 +58,9 @@ __setup("devtmpfs.mount=", mount_param);
 static struct dentry *dev_mount(struct file_system_type *fs_type, int flags,
 		      const char *dev_name, void *data)
 {
+	if (get_exec_env()->init_cred->user_ns != current_user_ns())
+		return -EPERM;
+
 #ifdef CONFIG_TMPFS
 	return mount_ns(fs_type, flags, data, get_exec_env(), shmem_fill_super);
 #else
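Review bot: the early return added at the top of dev_mount() returns a bare `-EPERM`, but the function is declared to return `struct dentry *`. It should be `return ERR_PTR(-EPERM);` so that the error is encoded as an error pointer for callers and the compiler does not flag an int-to-pointer conversion. A one-line comment above the check would also help, stating that only the container's initial user namespace (`get_exec_env()->init_cred->user_ns`) may mount devtmpfs, since the userns flags set in `dev_fs_type` rely on this check.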
@@ -69,7 +72,7 @@ static struct file_system_type dev_fs_type = {
 	.name = "devtmpfs",
 	.mount = dev_mount,
 	.kill_sb = kill_litter_super,
-	.fs_flags = FS_VIRTUALIZED,
+	.fs_flags = FS_VIRTUALIZED | FS_USERNS_MOUNT | FS_USERNS_DEV_MOUNT,
 };
 
 #ifdef CONFIG_BLOCK
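Review bot: the new `.fs_flags` line sets FS_USERNS_DEV_MOUNT together with FS_USERNS_MOUNT, and nothing in the code or the commit message says why device nodes on this mount are safe for a non-root user namespace. Please add a comment at `dev_fs_type` (or extend the commit message) explaining that the namespace check in dev_mount() is what restricts the mount to the container's own init user namespace, and that FS_VIRTUALIZED with mount_ns() keyed on get_exec_env() gives each container its own instance. Without that, a later reader cannot tell which of the three flags the safety argument depends on.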
-- 
1.7.1



