[Devel] [PATCH RHEL7 COMMIT] ve/ext4: treat panic_on_errors as remount-ro_on_errors in CTs

Konstantin Khorenko khorenko at virtuozzo.com
Tue Feb 16 01:45:32 PST 2016 

The commit is pushed to "branch-rh7-3.10.0-327.4.5.vz7.11.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.4.5.vz7.11.2
------>
commit d1e51a0d263c6a0a7f231b301fcd93f968b540c4
Author: Dmitry Monakhov <dmonakhov at openvz.org>
Date:   Tue Feb 16 13:45:32 2016 +0400

    ve/ext4: treat panic_on_errors as remount-ro_on_errors in CTs
    
    This is a port from 2.6.32-x of:
    
    	* diff-ext4-in-containers-treat-panic_on_errors-as-remount-ro_on_errors
    
    	ext4: in containers treat errors=panic as
    
    	Container can explode whole node if it remounts its ploop
    	with option 'errors=panic' and triggers abort after that.
    
    	Signed-off-by: Konstantin Khlebnikov <khlebnikov at openvz.org>
    	Acked-by: Maxim V. Patlasov <mpatlasov at parallels.com>
    
    Signed-off-by: Dmitry Monakhov <dmonakhov at openvz.org>
    
    khorenko@: currently we have devmnt->allowed_options options which are
    configured via userspace and currently vzctl provides empty list.
    This is an additional check - just in case someone get secondary
    ploop image with 'errors=panic' mount option saved in the image
    and mounts it from inside a CT.
---
 fs/ext4/super.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 7c39842..78fcdbc 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1380,6 +1380,7 @@ static int clear_qf_name(struct super_block *sb, int qtype)
 #define MOPT_NO_EXT3	0x0200
 #define MOPT_EXT4_ONLY	(MOPT_NO_EXT2 | MOPT_NO_EXT3)
 #define MOPT_STRING	0x0400
+#define MOPT_WANT_SYS_ADMIN	0x0800
 
 static const struct mount_opts {
 	int	token;
@@ -1410,7 +1411,7 @@ static const struct mount_opts {
 				    EXT4_MOUNT_JOURNAL_CHECKSUM),
 	 MOPT_EXT4_ONLY | MOPT_SET},
 	{Opt_noload, EXT4_MOUNT_NOLOAD, MOPT_NO_EXT2 | MOPT_SET},
-	{Opt_err_panic, EXT4_MOUNT_ERRORS_PANIC, MOPT_SET | MOPT_CLEAR_ERR},
+	{Opt_err_panic, EXT4_MOUNT_ERRORS_PANIC, MOPT_SET | MOPT_CLEAR_ERR|MOPT_WANT_SYS_ADMIN},
 	{Opt_err_ro, EXT4_MOUNT_ERRORS_RO, MOPT_SET | MOPT_CLEAR_ERR},
 	{Opt_err_cont, EXT4_MOUNT_ERRORS_CONT, MOPT_SET | MOPT_CLEAR_ERR},
 	{Opt_data_err_abort, EXT4_MOUNT_DATA_ERR_ABORT,
@@ -1558,6 +1559,9 @@ static int handle_mount_opt(struct super_block *sb, char *opt, int token,
 		set_opt2(sb, EXPLICIT_DELALLOC);
 	if (m->flags & MOPT_CLEAR_ERR)
 		clear_opt(sb, ERRORS_MASK);
+	if (m->flags & MOPT_WANT_SYS_ADMIN && !capable(CAP_SYS_ADMIN))
+		return 1;
+
 	if (token == Opt_noquota && sb_any_quota_loaded(sb)) {
 		ext4_msg(sb, KERN_ERR, "Cannot change quota "
 			 "options when quota turned on");
@@ -3720,8 +3724,12 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
 	else if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_WBACK)
 		set_opt(sb, WRITEBACK_DATA);
 
-	if (le16_to_cpu(sbi->s_es->s_errors) == EXT4_ERRORS_PANIC)
-		set_opt(sb, ERRORS_PANIC);
+	if (le16_to_cpu(sbi->s_es->s_errors) == EXT4_ERRORS_PANIC) {
+		if (capable(CAP_SYS_ADMIN))
+			set_opt(sb, ERRORS_PANIC);
+		else
+			set_opt(sb, ERRORS_RO);
+	}
 	else if (le16_to_cpu(sbi->s_es->s_errors) == EXT4_ERRORS_CONTINUE)
 		set_opt(sb, ERRORS_CONT);
 	else

More information about the Devel mailing list