[Devel] [PATCH rh7 1/2] nfs, nfsd: Allow to mount fs from initial VE's user_ns

Kirill Tkhai ktkhai at odin.com
Tue Oct 6 10:02:49 PDT 2015


Since VE's init now starts in the VE's own user_ns, we should
allow CT programs to mount nfs and nfsd.

https://jira.sw.ru/browse/PSBM-40047

Signed-off-by: Kirill Tkhai <ktkhai at odin.com>
---

[This series should go on top of "ve: Implement current_user_ns_initial() helper" series]

 fs/nfs/super.c   |    6 ++++--
 fs/nfsd/nfsctl.c |    4 +++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/fs/nfs/super.c b/fs/nfs/super.c
index 4951b77..0465698 100644
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -297,7 +297,7 @@ struct file_system_type nfs_fs_type = {
 	.mount		= nfs_fs_mount,
 	.kill_sb	= nfs_kill_super,
 	.fs_flags	= FS_RENAME_DOES_D_MOVE|FS_BINARY_MOUNTDATA|
-			  FS_VIRTUALIZED,
+			  FS_VIRTUALIZED|FS_USERNS_MOUNT,
 };
 MODULE_ALIAS_FS("nfs");
 EXPORT_SYMBOL_GPL(nfs_fs_type);
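Review bot: Setting `FS_USERNS_MOUNT` on `nfs_fs_type` tells the VFS to accept a mount from a caller that holds CAP_SYS_ADMIN only in its own user namespace, so the sole remaining restriction is the `current_user_ns_initial()` test this patch adds in `nfs_fs_mount()`, and nothing at the flag says so. The same applies to the `nfs4_fs_type` hunk and to the `nfsd_fs_type` hunk in fs/nfsd/nfsctl.c. The coupling matters because NFS parses binary mount data (`FS_BINARY_MOUNTDATA`) and presents ownership and mode bits chosen by a remote server. I would add a comment at each flag, for example `/* FS_USERNS_MOUNT is safe only because .mount rejects callers outside the VE's initial user_ns */`, so a later change to the mount callback does not silently drop the restriction.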
@@ -338,7 +338,7 @@ struct file_system_type nfs4_fs_type = {
 	.mount		= nfs_fs_mount,
 	.kill_sb	= nfs_kill_super,
 	.fs_flags	= FS_RENAME_DOES_D_MOVE|FS_BINARY_MOUNTDATA|
-			  FS_VIRTUALIZED,
+			  FS_VIRTUALIZED|FS_USERNS_MOUNT,
 };
 MODULE_ALIAS_FS("nfs4");
 MODULE_ALIAS("nfs4");
@@ -2636,6 +2636,8 @@ struct dentry *nfs_fs_mount(struct file_system_type *fs_type,
 
 	if (!(get_exec_env()->features & VE_FEATURE_NFS))
 		return ERR_PTR(-ENODEV);
+	if (!current_user_ns_initial())
+		return ERR_PTR(-EPERM);
 
 	mount_info.parsed = nfs_alloc_parsed_mount_data();
 	mount_info.mntfh = nfs_alloc_fhandle();
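Review bot: The `current_user_ns_initial()` guard added here carries the whole access decision for user-namespace mounts, yet the helper comes from a prerequisite series and is not in this patch, so its exact semantics cannot be confirmed from the diff. It presumably returns true only for the host's initial user_ns and the VE's own initial user_ns; that should be stated next to the call, e.g. `/* refuse nested user namespaces: only the VE's initial user_ns (or the host) may mount */`. The same two-line check is duplicated in `nfsd_mount()` and deserves the same comment. The test looks at the calling task at mount time only; whether remount or other paths into these filesystem types need an equivalent check is not visible here, since `nfs_fs_mount()` starts and ends outside the hunk.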
diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
index 048d61d..1f06f7c 100644
--- a/fs/nfsd/nfsctl.c
+++ b/fs/nfsd/nfsctl.c
@@ -1126,6 +1126,8 @@ static int nfsd_fill_super(struct super_block * sb, void * data, int silent)
 static struct dentry *nfsd_mount(struct file_system_type *fs_type,
 	int flags, const char *dev_name, void *data)
 {
+	if (!current_user_ns_initial())
+		return ERR_PTR(-EPERM);
 	return mount_ns(fs_type, flags, current->nsproxy->net_ns, nfsd_fill_super);
 }
 
@@ -1142,7 +1144,7 @@ static struct file_system_type nfsd_fs_type = {
 	.name		= "nfsd",
 	.mount		= nfsd_mount,
 	.kill_sb	= nfsd_umount,
-	.fs_flags	= FS_VIRTUALIZED,
+	.fs_flags	= FS_VIRTUALIZED|FS_USERNS_MOUNT,
 };
 MODULE_ALIAS_FS("nfsd");
 



