[Devel] [PATCH RH7] kmod/whitelist: allow overlay fs module autoloading
Dmitry Safonov
dsafonov at virtuozzo.com
Mon Aug 29 06:10:58 PDT 2016
On 08/29/2016 04:00 PM, Kirill Tkhai wrote:
> On 29.08.2016 15:50, Dmitry Safonov wrote:
>> Note: overlayfs will not be allowed to mount in VE until admin hasn't
>> enabled experimental fs. To do it, write to the process knob:
>> [tracing]# echo 1 > /proc/sys/fs/experimental_fs_enable
>>
>> https://jira.sw.ru/browse/PSBM-51043
>>
>> Cc: Kirill Tkhai <ktkhai at virtuozzo.com>
>> Signed-off-by: Dmitry Safonov <dsafonov at virtuozzo.com>
>> ---
>> kernel/kmod.c | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/kernel/kmod.c b/kernel/kmod.c
>> index 5e5c2c6c8948..151f9f2eca39 100644
>> --- a/kernel/kmod.c
>> +++ b/kernel/kmod.c
>> @@ -378,6 +378,7 @@ static inline int module_payload_iptable_allowed(const char *module)
>> /* ve0 allowed modules */
>> static const char * const ve0_allowed_mod[] = {
>> "fs-binfmt_misc",
>> + "fs-overlay",
>
> I see in modules.alias:
>
> alias fs-overlay overlay
>
> Should we add "overlay" to allowed list, or fs-overlay only is enough?
Well, I tested inside CT, it has the following call-path:
3) | /* sys_mount(dev_name: 7fb4786bb3f0, dir_name:
7fb4786bb290, type: 7fb4786bb230, flags: c0ed0000, data: 7fb4786bb330) */
3) | do_mount() {
[...]
3) | get_fs_type() {
3) | __get_fs_type() {
3) 0.031 us | _raw_read_lock();
3) 1.465 us | find_filesystem();
3) 0.200 us | try_module_get();
3) 3.333 us | }
3) | /* get_fs_type: fs ffffffffa06a5000,
request_module(fs-overlay) */
[...]
So, for sys_mount(), get_fs_type() will add 'fs-' prefix on mount,
regardless module alias, I guess.
And overlayfs successfuly mounted in CT after the patch.
--
Dmitry
More information about the Devel
mailing list