[Devel] [PATCH rh7] fs: Allow to mount ext4 and binfmt_misc under non-root user ns
Kirill Tkhai
ktkhai at odin.com
Mon Oct 5 02:33:17 PDT 2015
On 02.10.2015 20:48, Andrey Wagin wrote:
> 2015-10-02 20:26 GMT+03:00 Kirill Tkhai <ktkhai at odin.com>:
>> https://jira.sw.ru/browse/PSBM-40100
>
> We can allow to mount these file systems only if we are in the ve's userns.
> A non-root user in a container can create a new userns, but he should
> not be able to mount ext4, doesn't he?
Yeah, sure, thanks!
>>
>> Signed-off-by: Kirill Tkhai <ktkhai at odin.com>
>> ---
>> fs/binfmt_misc.c | 2 +-
>> fs/ext4/super.c | 3 ++-
>> 2 files changed, 3 insertions(+), 2 deletions(-)
>>
>> diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c
>> index 90c306e..2be9b62 100644
>> --- a/fs/binfmt_misc.c
>> +++ b/fs/binfmt_misc.c
>> @@ -748,7 +748,7 @@ static struct file_system_type bm_fs_type = {
>> .name = "binfmt_misc",
>> .mount = bm_mount,
>> .kill_sb = kill_litter_super,
>> - .fs_flags = FS_VIRTUALIZED,
>> + .fs_flags = FS_VIRTUALIZED | FS_USERNS_MOUNT,
>> };
>> MODULE_ALIAS_FS("binfmt_misc");
>>
>> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
>> index 5209777..2193000 100644
>> --- a/fs/ext4/super.c
>> +++ b/fs/ext4/super.c
>> @@ -5727,7 +5727,8 @@ static struct file_system_type ext4_fs_type = {
>> .mount = ext4_mount,
>> .kill_sb = ext4_kill_sb,
>> .fs_flags = FS_REQUIRES_DEV | FS_HAS_INVALIDATE_RANGE |
>> - FS_VIRTUALIZED | FS_HAS_MMAP_PREP,
>> + FS_VIRTUALIZED | FS_HAS_MMAP_PREP | FS_USERNS_MOUNT |
>> + FS_USERNS_DEV_MOUNT,
>> };
>> MODULE_ALIAS_FS("ext4");
>>
>>
>> _______________________________________________
>> Devel mailing list
>> Devel at openvz.org
>> https://lists.openvz.org/mailman/listinfo/devel
More information about the Devel
mailing list