[Devel] [PATCH RH7] kmod/whitelist: allow overlay fs module autoloading

Mon Aug 29 06:10:58 PDT 2016

On 08/29/2016 04:00 PM, Kirill Tkhai wrote:
> On 29.08.2016 15:50, Dmitry Safonov wrote:
>> Note: overlayfs will not be allowed to mount in VE until admin hasn't
>> enabled experimental fs. To do it, write to the process knob:
>>   [tracing]# echo 1 > /proc/sys/fs/experimental_fs_enable
>>
>> https://jira.sw.ru/browse/PSBM-51043
>>
>> Cc: Kirill Tkhai <ktkhai at virtuozzo.com>
>> Signed-off-by: Dmitry Safonov <dsafonov at virtuozzo.com>
>> ---
>>  kernel/kmod.c | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/kernel/kmod.c b/kernel/kmod.c
>> index 5e5c2c6c8948..151f9f2eca39 100644
>> --- a/kernel/kmod.c
>> +++ b/kernel/kmod.c
>> @@ -378,6 +378,7 @@ static inline int module_payload_iptable_allowed(const char *module)
>>  /* ve0 allowed modules */
>>  static const char * const ve0_allowed_mod[] = {
>>  	"fs-binfmt_misc",
>> +	"fs-overlay",
>
> I see in modules.alias:
>
> alias fs-overlay overlay
>
> Should we add "overlay" to allowed list, or fs-overlay only is enough?

Well, I tested inside CT, it has the following call-path:

  3)               |  /* sys_mount(dev_name: 7fb4786bb3f0, dir_name: 
7fb4786bb290, type: 7fb4786bb230, flags: c0ed0000, data: 7fb4786bb330) */
  3)               |  do_mount() {
[...]
  3)               |    get_fs_type() {
  3)               |      __get_fs_type() {
  3)   0.031 us    |        _raw_read_lock();
  3)   1.465 us    |        find_filesystem();
  3)   0.200 us    |        try_module_get();
  3)   3.333 us    |      }
  3)               |      /* get_fs_type: fs ffffffffa06a5000, 
request_module(fs-overlay) */
[...]

So, for sys_mount(), get_fs_type() will add 'fs-' prefix on mount,
regardless module alias, I guess.
And overlayfs successfuly mounted in CT after the patch.

-- 
              Dmitry