[Devel] [PATCH rh7] fs: Allow mounting a bdev in RW mode even if devcgroup allows only RO.

Kirill Tkhai ktkhai at odin.com
Thu Jun 25 07:52:26 PDT 2015


We don't want to allow a CT full write access over a bdev,
so vzctl usually prohibits it.

But we want to permit mounting in RW mode inside a container.

https://jira.sw.ru/browse/PSBM-34497

Note_1 (for reviewer): FMODE_MOUNT is used only in mount_bdev(),
so this patch affects only that place.

Note_2: strange, but the kernel does not check for devcgroup permissions
during remount. If write access is prohibited, it's possible to
mount a bdev in RO mode, and to remount it RW after that, without
problems. Looks like a mainstream bug. I'll think about that/send
a patch/etc.

Signed-off-by: Kirill Tkhai <ktkhai at odin.com>
---
 fs/block_dev.c       |   10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/fs/block_dev.c b/fs/block_dev.c
index 15bd3ae..34949b0 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -1075,8 +1075,16 @@ static int __blkdev_get(struct block_device *bdev, fmode_t mode, int for_part)
 		perm |= MAY_READ;
 	if (mode & FMODE_WRITE)
 		perm |= MAY_WRITE;
-	if (mode & FMODE_MOUNT)
+	if (mode & FMODE_MOUNT) {
 		perm |= MAY_MOUNT;
+		/*
+		 * In PCS7 vzctl usually prohibits write access in devcgroup
+		 * permittions, because it allows direct writing to a bdev,
+		 * which is dangerous.
+		 * But anyway we want to permit mounting a bdev in rw mode.
+		 */
+		perm &= ~MAY_WRITE;
+	}
 	/*
 	 * hooks: /n/, see "layering violations".
 	 */
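Review bot: the `perm &= ~MAY_WRITE;` in the FMODE_MOUNT branch clears the write bit unconditionally, so for any open that carries FMODE_MOUNT the permission mask built here never contains MAY_WRITE, even when the caller also passed FMODE_WRITE. MAY_MOUNT then becomes the only gate for a read-write mount: a container that is allowed to mount the bdev can modify it through the filesystem whatever its write permission says. The new comment explains why direct writes are prohibited but not why dropping the check is acceptable for mounts; please state that trade-off there, and say whether a read-only devcgroup entry is still meant to be able to force a read-only mount. Minor: "permittions" in the comment should read "permissions".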



