[Devel] [PATCH RHEL7 COMMIT] ve/fs: Allow to mount ext4 and binfmt_misc under non-root ns

Konstantin Khorenko khorenko at virtuozzo.com
Wed Oct 7 03:47:07 PDT 2015


The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.8.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.8.3
------>
commit 47bd23dcf7807cc7f2f1300bf039c495f795437c
Author: Kirill Tkhai <ktkhai at odin.com>
Date:   Wed Oct 7 14:47:07 2015 +0400

    ve/fs: Allow to mount ext4 and binfmt_misc under non-root ns
    
    https://jira.sw.ru/browse/PSBM-40100
    
    v2: Check that user_ns is initial for the ve.
    v3: Be sure ve->init_cred is set.
    
    Signed-off-by: Kirill Tkhai <ktkhai at odin.com>
    Acked-by: Vladimir Davydov <vdavydov at virtuozzo.com>
    
    khorenko@: in fact, we allow those mounts only in the top-level user ns of the CT.
---
 fs/binfmt_misc.c | 4 +++-
 fs/ext4/super.c  | 6 +++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c
index 90c306e..fd5227f 100644
--- a/fs/binfmt_misc.c
+++ b/fs/binfmt_misc.c
@@ -735,6 +735,8 @@ static int bm_fill_super(struct super_block * sb, void * data, int silent)
 static struct dentry *bm_mount(struct file_system_type *fs_type,
 	int flags, const char *dev_name, void *data)
 {
+	if (!current_user_ns_initial())
+		return ERR_PTR(-EPERM);
 	return mount_ns(fs_type, flags, get_exec_env(), bm_fill_super);
 }
 
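Review bot: The new guard in bm_mount (and the identical one added to ext4_mount in fs/ext4/super.c) has no comment saying which namespace counts as "initial", and current_user_ns_initial() is defined outside this diff. Going by the v2/v3 notes in the commit message it presumably compares the caller's user namespace with the one recorded in the VE's init_cred, so that nested user namespaces inside a container get -EPERM; that should be confirmed against the helper. I would add above the check `/* Only the VE's initial user ns may mount; nested user namespaces get -EPERM. */`, because once FS_USERNS_MOUNT is set on the type this callback appears to be the only place the restriction is enforced.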
@@ -748,7 +750,7 @@ static struct file_system_type bm_fs_type = {
 	.name		= "binfmt_misc",
 	.mount		= bm_mount,
 	.kill_sb	= kill_litter_super,
-	.fs_flags	= FS_VIRTUALIZED,
+	.fs_flags	= FS_VIRTUALIZED | FS_USERNS_MOUNT,
 };
 MODULE_ALIAS_FS("binfmt_misc");
 
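Review bot: FS_USERNS_MOUNT is set on the whole file_system_type, so the restriction to the container's top user namespace now rests entirely on the early return in bm_mount, and nothing at the initializer says so. binfmt_misc entries decide which interpreter runs for a matching binary, so it matters that each container gets its own instance; the `mount_ns(fs_type, flags, get_exec_env(), bm_fill_super)` call in bm_mount suggests the superblock is keyed per VE, but that is not stated anywhere in the visible code. A comment on the flags line would keep the two in step, for example `/* FS_USERNS_MOUNT is gated by current_user_ns_initial() in bm_mount(); one instance per VE */`. The initializer starts above the hunk.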
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 5209777..be7efb8 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -39,6 +39,7 @@
 #include <linux/log2.h>
 #include <linux/crc16.h>
 #include <linux/cleancache.h>
+#include <linux/ve.h>
 #include <asm/uaccess.h>
 
 #include <linux/kthread.h>
@@ -5642,6 +5643,8 @@ out:
 static struct dentry *ext4_mount(struct file_system_type *fs_type, int flags,
 		       const char *dev_name, void *data)
 {
+	if (!current_user_ns_initial())
+		return ERR_PTR(-EPERM);
 	return mount_bdev(fs_type, flags, dev_name, data, ext4_fill_super);
 }
 
@@ -5727,7 +5730,8 @@ static struct file_system_type ext4_fs_type = {
 	.mount		= ext4_mount,
 	.kill_sb	= ext4_kill_sb,
 	.fs_flags	= FS_REQUIRES_DEV | FS_HAS_INVALIDATE_RANGE |
-			  FS_VIRTUALIZED | FS_HAS_MMAP_PREP,
+			  FS_VIRTUALIZED | FS_HAS_MMAP_PREP | FS_USERNS_MOUNT |
+			  FS_USERNS_DEV_MOUNT,
 };
 MODULE_ALIAS_FS("ext4");
 
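Review bot: FS_USERNS_DEV_MOUNT on ext4_fs_type deserves a comment, because in mainline kernels of this era the flag means a mount made from a non-initial user namespace is not forced to MNT_NODEV, so device nodes stored on the mounted filesystem are honoured; whether this tree keeps that meaning should be confirmed. Together with FS_USERNS_MOUNT this lets container root hand the ext4 on-disk parser an image it controls, and the only restriction visible in the diff is the early return in ext4_mount; whether device access is further limited by the VE's device permissions cannot be seen from here. I would document the intent at the initializer, e.g. `/* userns mounts are allowed only from the VE's initial user ns, see ext4_mount() */`, and add a regression check that a mount attempted from a nested user namespace fails with EPERM. The initializer starts above the hunk.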


