[Devel] [PATCH] binfmt_misc: Allow mount if capable(CAP_SYS_ADMIN)

Kirill Tkhai ktkhai at virtuozzo.com
Wed Jun 22 06:42:26 PDT 2016


The patch allows to mount binfmt_misc in a CT with ve0's admin caps,
and it's need that for CRIU dump. This time, unmounted binfmt_misc
may be forced mounted back, and we don't want to change CRIU's user_ns
to do that.

Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
---
 fs/binfmt_misc.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c
index fd5227f..e259022 100644
--- a/fs/binfmt_misc.c
+++ b/fs/binfmt_misc.c
@@ -735,7 +735,7 @@ static int bm_fill_super(struct super_block * sb, void * data, int silent)
 static struct dentry *bm_mount(struct file_system_type *fs_type,
 	int flags, const char *dev_name, void *data)
 {
-	if (!current_user_ns_initial())
+	if (!current_user_ns_initial() && !capable(CAP_SYS_ADMIN))
 		return ERR_PTR(-EPERM);
 	return mount_ns(fs_type, flags, get_exec_env(), bm_fill_super);
 }



More information about the Devel mailing list