[Devel] [PATCH RHEL7 COMMIT] ve/sysfs: propagate access to all sub-directories hierarchically

Konstantin Khorenko khorenko at virtuozzo.com
Tue Sep 1 06:58:42 PDT 2015 

The commit is pushed to "branch-rh7-3.10.0-229.7.2-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.6.5
------>
commit 1a33dd2936a14ae4fbede97c34ac5fbfc3dc8f30
Author: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Date:   Tue Sep 1 17:58:42 2015 +0400

    ve/sysfs: propagate access to all sub-directories hierarchically
    
    Docker test TestGetContainerStats asks docker to get network
    stats of container. Docker tries to get network devices stats
    like count of bytes or packets sent/received from:
    /sys/class/net/[device_name]/statistics/*
    
    We showed only statistics directory but not it's content as
    namespace tag check went up only for one level. So make this
    check fully hierarchical for docker.
    
    https://jira.sw.ru/browse/PSBM-34523
    
    Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
    Reviewed-by: Vladimir Davydov <vdavydov at parallels.com>
---
 fs/sysfs/dir.c   | 10 +++++++---
 fs/sysfs/inode.c |  8 ++++++--
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
index da73287..b4a7fda 100644
--- a/fs/sysfs/dir.c
+++ b/fs/sysfs/dir.c
@@ -77,14 +77,18 @@ static int sysfs_sd_compare(const struct sysfs_dirent *left,
 static bool sysfs_sd_visible(struct sysfs_dirent *sd, struct super_block *sb)
 {
 	struct ve_struct *ve = sysfs_info(sb)->ve;
+	struct sysfs_dirent *tmp_sd = sd;
 
 	/* Host sees anything */
 	if (ve_is_super(ve))
 		return true;
 
-	/* Entries with namespace tag always visible */
-	if (sd->s_ns || (sd->s_parent && sd->s_parent->s_ns))
-		return true;
+	/* Entries with namespace tag and their sub-entries always visible */
+	while (tmp_sd) {
+		if (tmp_sd->s_ns)
+			return true;
+		tmp_sd = tmp_sd->s_parent;
+	}
 
 	/* Symlinks are visible if target sd is visible */
 	if (sysfs_type(sd) == SYSFS_KOBJ_LINK)
diff --git a/fs/sysfs/inode.c b/fs/sysfs/inode.c
index 45f5212..7e54859 100644
--- a/fs/sysfs/inode.c
+++ b/fs/sysfs/inode.c
@@ -345,13 +345,17 @@ int sysfs_hash_and_remove(struct sysfs_dirent *dir_sd, const void *ns, const cha
 static int sysfs_sd_permission(struct sysfs_dirent *sd, int mask)
 {
 	struct ve_struct *ve = get_exec_env();
+	struct sysfs_dirent *tmp_sd = sd;
 	int perm;
 
 	if (ve_is_super(ve))
 		return 0;
 
-	if (sd->s_ns || (sd->s_parent && sd->s_parent->s_ns))
-		return 0;
+	while (tmp_sd) {
+		if (tmp_sd->s_ns)
+			return 0;
+		tmp_sd = tmp_sd->s_parent;
+	}
 
 	if (sysfs_type(sd) == SYSFS_KOBJ_LINK)
 		sd = sd->s_symlink.target_sd;

More information about the Devel mailing list