[Devel] [PATCH rh7] fuse: allow to mount fuse filesystems inside CT

Stanislav Kinsburskiy skinsbursky at odin.com
Tue Nov 10 06:52:14 PST 2015



10.11.2015 15:30, Andrey Ryabinin wrote:
> Currently mounting fuse fs inside CT fails because
> we don't pass (file->f_cred->user_ns != &init_user_ns) check.
> Test file's namespace against VE's init_cred->user_ns instead.
> This allows using fuse inside containers.
>
> https://jira.sw.ru/browse/PSBM-41075
>
> Signed-off-by: Andrey Ryabinin <aryabinin at virtuozzo.com>
> ---
>   fs/fuse/inode.c | 9 ++++++++-
>   1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
> index 4a1b46f..d7e2d4b 100644
> --- a/fs/fuse/inode.c
> +++ b/fs/fuse/inode.c
> @@ -20,6 +20,7 @@
>   #include <linux/random.h>
>   #include <linux/sched.h>
>   #include <linux/exportfs.h>
> +#include <linux/ve.h>
>   
>   MODULE_AUTHOR("Miklos Szeredi <miklos at szeredi.hu>");
>   MODULE_DESCRIPTION("Filesystem in Userspace");
> @@ -1115,6 +1116,7 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent)
>   	struct fuse_req *init_req;
>   	int err;
>   	int is_bdev = sb->s_bdev != NULL;
> +	struct user_namespace *root_user_ns;
>   
>   	err = -EINVAL;
>   	if (sb->s_flags & MS_MANDLOCK)
> @@ -1146,8 +1148,13 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent)
>   	if (!file)
>   		goto err;
>   
> +	if (get_exec_env()->init_cred)
> +		root_user_ns = get_exec_env()->init_cred->user_ns;
> +	else
> +		root_user_ns = &init_user_ns;
> +

We have some helper for this, if I'm not mistaken.
Probably this one:

current_user_ns_initial()


>   	if ((file->f_op != &fuse_dev_operations) ||
> -	    (file->f_cred->user_ns != &init_user_ns))
> +	    (file->f_cred->user_ns != root_user_ns))
>   		goto err_fput;
>   
>   	fc = kmalloc(sizeof(*fc), GFP_KERNEL);
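
Review bot: the relaxed test `file->f_cred->user_ns != root_user_ns` carries no comment saying what it now admits, and the commit message gives no more than that it enables fuse inside containers. root_user_ns is taken from get_exec_env(), the environment of the task doing the mount, while f_cred belongs to whoever opened the fuse device. A short comment stating that the opener must be in the initial user namespace of the mounting task's VE, with &init_user_ns as the fallback when init_cred is NULL, would make the intended boundary reviewable. The added block also calls get_exec_env() twice and reads init_cred twice; read it once into a local so the NULL test and the dereference use the same value.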


