[Devel] [PATCH rh7 v2] fs: Allow to mount ext4 and binfmt_misc under non-root ns

Andrew Vagin avagin at odin.com
Mon Oct 5 07:03:58 PDT 2015


On Mon, Oct 05, 2015 at 02:47:49PM +0300, Kirill Tkhai wrote:
> https://jira.sw.ru/browse/PSBM-40100
> 
> v2: Check that user_ns is initial for the ve.
> NB: "vzctl enter" does not use initial cred,
> so I tested that using /etc/rc.local script.
> 
> Signed-off-by: Kirill Tkhai <ktkhai at odin.com>
> ---
>  fs/binfmt_misc.c |    4 +++-
>  fs/ext4/super.c  |    6 +++++-
>  2 files changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c
> index 90c306e..ffbc8fa 100644
> --- a/fs/binfmt_misc.c
> +++ b/fs/binfmt_misc.c
> @@ -735,6 +735,8 @@ static int bm_fill_super(struct super_block * sb, void * data, int silent)
>  static struct dentry *bm_mount(struct file_system_type *fs_type,
>  	int flags, const char *dev_name, void *data)
>  {
> +	if (get_exec_env()->init_cred->user_ns != current_user_ns())

init_cred is set in ve_start_container(); before that point it is NULL.

> +		return ERR_PTR(-EPERM);
>  	return mount_ns(fs_type, flags, get_exec_env(), bm_fill_super);
>  }
>  
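Review bot: The namespace test added at the top of bm_mount has no comment saying what it enforces, and the same two lines are repeated verbatim in ext4_mount in the fs/ext4/super.c hunk. I would put `/* Only the ve's initial user namespace may mount; any other user namespace gets -EPERM. */` above it. Moving the comparison into one small helper declared next to get_exec_env() would keep the two call sites from drifting apart when the condition is next changed.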
> @@ -748,7 +750,7 @@ static struct file_system_type bm_fs_type = {
>  	.name		= "binfmt_misc",
>  	.mount		= bm_mount,
>  	.kill_sb	= kill_litter_super,
> -	.fs_flags	= FS_VIRTUALIZED,
> +	.fs_flags	= FS_VIRTUALIZED | FS_USERNS_MOUNT,
>  };
>  MODULE_ALIAS_FS("binfmt_misc");
>  
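Review bot: Nothing on the `.fs_flags` line of bm_fs_type records that FS_USERNS_MOUNT is safe only because of the check added to bm_mount. As I understand the flag, it lifts the generic refusal of mounts requested from outside the initial user namespace, so that check becomes the only gate. A comment such as `/* FS_USERNS_MOUNT relies on bm_mount() rejecting every user namespace but the ve's initial one */` would stop a later refactor from removing one without the other. The same applies to ext4_fs_type in the last fs/ext4/super.c hunk.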
> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
> index 5209777..b67d6be 100644
> --- a/fs/ext4/super.c
> +++ b/fs/ext4/super.c
> @@ -39,6 +39,7 @@
>  #include <linux/log2.h>
>  #include <linux/crc16.h>
>  #include <linux/cleancache.h>
> +#include <linux/ve.h>
>  #include <asm/uaccess.h>
>  
>  #include <linux/kthread.h>
> @@ -5642,6 +5643,8 @@ static ssize_t ext4_quota_write(struct super_block *sb, int type,
>  static struct dentry *ext4_mount(struct file_system_type *fs_type, int flags,
>  		       const char *dev_name, void *data)
>  {
> +	if (get_exec_env()->init_cred->user_ns != current_user_ns())
> +		return ERR_PTR(-EPERM);
>  	return mount_bdev(fs_type, flags, dev_name, data, ext4_fill_super);
>  }
>  
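Review bot: The new test in ext4_mount restricts which user namespace may reach mount_bdev, but not which block device `dev_name` resolves to, and ext4_fill_super then parses on-disk metadata that the container administrator controls. Nothing visible in this hunk limits the device, so presumably the ve's device permissions do; that should be confirmed and written down. I would add above the check `/* The superblock is untrusted input here; device access is assumed to be limited by the ve's device permissions. */` and state the same assumption in the commit message.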
> @@ -5727,7 +5730,8 @@ static struct file_system_type ext4_fs_type = {
>  	.mount		= ext4_mount,
>  	.kill_sb	= ext4_kill_sb,
>  	.fs_flags	= FS_REQUIRES_DEV | FS_HAS_INVALIDATE_RANGE |
> -			  FS_VIRTUALIZED | FS_HAS_MMAP_PREP,
> +			  FS_VIRTUALIZED | FS_HAS_MMAP_PREP | FS_USERNS_MOUNT |
> +			  FS_USERNS_DEV_MOUNT,
>  };
>  MODULE_ALIAS_FS("ext4");
>  
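Review bot: Neither the code nor the commit message says why ext4_fs_type needs FS_USERNS_DEV_MOUNT or what still limits access to device nodes on such a mount. As far as I know the flag, it means a mount made from a non-initial user namespace is no longer forced to nodev, so device nodes stored in a container-supplied ext4 image are honoured. I would add a comment above `.fs_flags`, e.g. `/* FS_USERNS_DEV_MOUNT: container mounts keep device nodes; access is still subject to the ve's device permissions (confirm) */`. If nodev mounts are acceptable for this use case, I would drop the flag instead.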
> 


