[Devel] [PATCH rh7] fs: Allow to mount ext4 and binfmt_misc under non-root user ns
Andrey Wagin
avagin at gmail.com
Fri Oct 2 10:48:15 PDT 2015
2015-10-02 20:26 GMT+03:00 Kirill Tkhai <ktkhai at odin.com>:
> https://jira.sw.ru/browse/PSBM-40100
We can allow mounting these file systems only if we are in the ve's userns.
A non-root user in a container can create a new userns, but he should
not be able to mount ext4, should he?
>
> Signed-off-by: Kirill Tkhai <ktkhai at odin.com>
> ---
> fs/binfmt_misc.c | 2 +-
> fs/ext4/super.c | 3 ++-
> 2 files changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c
> index 90c306e..2be9b62 100644
> --- a/fs/binfmt_misc.c
> +++ b/fs/binfmt_misc.c
> @@ -748,7 +748,7 @@ static struct file_system_type bm_fs_type = {
> .name = "binfmt_misc",
> .mount = bm_mount,
> .kill_sb = kill_litter_super,
> - .fs_flags = FS_VIRTUALIZED,
> + .fs_flags = FS_VIRTUALIZED | FS_USERNS_MOUNT,
> };
> MODULE_ALIAS_FS("binfmt_misc");
>
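Review bot: FS_USERNS_MOUNT is set unconditionally in bm_fs_type.fs_flags, and nothing in this hunk limits the mount to the container's own user namespace. As visible here, the flag applies to every user namespace, including one created by a non-root user inside the container. Consider leaving fs_flags as it is permissive only where the mount path (bm_mount) can verify that the caller's user namespace is the ve's, and state in the commit message why binfmt_misc needs this, since the message currently carries only the Jira link.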
> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
> index 5209777..2193000 100644
> --- a/fs/ext4/super.c
> +++ b/fs/ext4/super.c
> @@ -5727,7 +5727,8 @@ static struct file_system_type ext4_fs_type = {
> .mount = ext4_mount,
> .kill_sb = ext4_kill_sb,
> .fs_flags = FS_REQUIRES_DEV | FS_HAS_INVALIDATE_RANGE |
> - FS_VIRTUALIZED | FS_HAS_MMAP_PREP,
> + FS_VIRTUALIZED | FS_HAS_MMAP_PREP | FS_USERNS_MOUNT |
> + FS_USERNS_DEV_MOUNT,
> };
> MODULE_ALIAS_FS("ext4");
>
>
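Review bot: adding FS_USERNS_MOUNT | FS_USERNS_DEV_MOUNT to ext4_fs_type.fs_flags has no accompanying check that the mounter is in the ve's user namespace, and ext4 is FS_REQUIRES_DEV, so the flags cover a file system that parses an on-disk image from a block device. With the flags set statically, the only gate visible in this patch is the flag itself. Suggest adding an explicit namespace check in the ext4_mount path (or in the generic code that honours these flags) so that nested user namespaces created by unprivileged container users are refused, and documenting in the commit message what FS_USERNS_DEV_MOUNT permits beyond FS_USERNS_MOUNT.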