[Devel] [PATCH RHEL7 COMMIT] ve/nfs, nfsd: Allow to mount fs from initial VE's user_ns
Konstantin Khorenko
khorenko at virtuozzo.com
Thu Oct 8 03:30:14 PDT 2015
The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.8.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.8.4
------>
commit a133974fea5eb116e56b4eaf70c263b31d819534
Author: Kirill Tkhai <ktkhai at odin.com>
Date: Thu Oct 8 14:30:14 2015 +0400
ve/nfs,nfsd: Allow to mount fs from initial VE's user_ns
Since VE's init starts in VE's own user_ns now, we should
allow CT programs to mount nfs and nfsd.
https://jira.sw.ru/browse/PSBM-40047
Signed-off-by: Kirill Tkhai <ktkhai at odin.com>
---
fs/nfs/super.c | 6 ++++--
fs/nfsd/nfsctl.c | 4 +++-
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/fs/nfs/super.c b/fs/nfs/super.c
index 4951b77..0465698 100644
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -297,7 +297,7 @@ struct file_system_type nfs_fs_type = {
.mount = nfs_fs_mount,
.kill_sb = nfs_kill_super,
.fs_flags = FS_RENAME_DOES_D_MOVE|FS_BINARY_MOUNTDATA|
- FS_VIRTUALIZED,
+ FS_VIRTUALIZED|FS_USERNS_MOUNT,
};
MODULE_ALIAS_FS("nfs");
EXPORT_SYMBOL_GPL(nfs_fs_type);
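Review bot: Nothing at the `nfs_fs_type` initializer records that `FS_USERNS_MOUNT` is safe here only because `nfs_fs_mount` refuses callers outside the VE's initial user namespace, via the `current_user_ns_initial()` guard added further down in this patch. With the flag set, the VFS mount permission check is satisfied by CAP_SYS_ADMIN in the caller's own user namespace. This type also carries `FS_BINARY_MOUNTDATA`, so that guard becomes the only barrier between a nested user namespace and the binary mount-data parser. I would add a comment above `.fs_flags`, e.g. `/* FS_USERNS_MOUNT: ->mount must reject non-initial VE user_ns, see nfs_fs_mount() */`. The same comment applies to the `nfs4_fs_type` and `nfsd_fs_type` hunks, the latter pointing at `nfsd_mount`.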
@@ -338,7 +338,7 @@ struct file_system_type nfs4_fs_type = {
.mount = nfs_fs_mount,
.kill_sb = nfs_kill_super,
.fs_flags = FS_RENAME_DOES_D_MOVE|FS_BINARY_MOUNTDATA|
- FS_VIRTUALIZED,
+ FS_VIRTUALIZED|FS_USERNS_MOUNT,
};
MODULE_ALIAS_FS("nfs4");
MODULE_ALIAS("nfs4");
@@ -2636,6 +2636,8 @@ struct dentry *nfs_fs_mount(struct file_system_type *fs_type,
if (!(get_exec_env()->features & VE_FEATURE_NFS))
return ERR_PTR(-ENODEV);
+ if (!current_user_ns_initial())
+ return ERR_PTR(-EPERM);
mount_info.parsed = nfs_alloc_parsed_mount_data();
mount_info.mntfh = nfs_alloc_fhandle();
diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
index 048d61d..1f06f7c 100644
--- a/fs/nfsd/nfsctl.c
+++ b/fs/nfsd/nfsctl.c
@@ -1126,6 +1126,8 @@ static int nfsd_fill_super(struct super_block * sb, void * data, int silent)
static struct dentry *nfsd_mount(struct file_system_type *fs_type,
int flags, const char *dev_name, void *data)
{
+ if (!current_user_ns_initial())
+ return ERR_PTR(-EPERM);
return mount_ns(fs_type, flags, current->nsproxy->net_ns, nfsd_fill_super);
}
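Review bot: `nfsd_mount` now gates only on `current_user_ns_initial()`, whereas `nfs_fs_mount` in the earlier hunk also tests a per-VE feature bit (`VE_FEATURE_NFS`) before its namespace check. With `FS_USERNS_MOUNT` added to `nfsd_fs_type` in the next hunk, root in any container's initial user namespace can reach `mount_ns()` for the nfsd control filesystem unless a feature test exists outside this hunk (for instance in `nfsd_fill_super`, whose body is not shown). If there is none, `nfsd_mount` should get an equivalent per-VE check ahead of the namespace guard, returning `ERR_PTR(-ENODEV)` as `nfs_fs_mount` does. If there is one, a one-line comment naming where it lives would help the next reader.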
@@ -1142,7 +1144,7 @@ static struct file_system_type nfsd_fs_type = {
.name = "nfsd",
.mount = nfsd_mount,
.kill_sb = nfsd_umount,
- .fs_flags = FS_VIRTUALIZED,
+ .fs_flags = FS_VIRTUALIZED|FS_USERNS_MOUNT,
};
MODULE_ALIAS_FS("nfsd");