[Devel] [PATCH RHEL7 COMMIT] ve/binfmt_misc: Allow mount if capable(CAP_SYS_ADMIN)
Konstantin Khorenko
khorenko at virtuozzo.com
Thu Jun 23 08:06:40 PDT 2016
The commit is pushed to "branch-rh7-3.10.0-327.18.2.vz7.14.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.18.2.vz7.14.19
------>
commit b188e9ef18fc3630568eaab2923238df31babc94
Author: Kirill Tkhai <ktkhai at virtuozzo.com>
Date: Thu Jun 23 19:06:40 2016 +0400
ve/binfmt_misc: Allow mount if capable(CAP_SYS_ADMIN)
The patch allows to mount binfmt_misc in a CT with ve0's admin caps,
and it's need that for CRIU dump. This time, unmounted binfmt_misc
may be forced mounted back, and we don't want to change CRIU's user_ns
to do that.
https://jira.sw.ru/browse/PSBM-47737
Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
Reviewed-by: Andrey Ryabinin <aryabinin at virtuozzo.com>
---
fs/binfmt_misc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c
index fd5227f..e259022 100644
--- a/fs/binfmt_misc.c
+++ b/fs/binfmt_misc.c
@@ -735,7 +735,7 @@ static int bm_fill_super(struct super_block * sb, void * data, int silent)
static struct dentry *bm_mount(struct file_system_type *fs_type,
int flags, const char *dev_name, void *data)
{
- if (!current_user_ns_initial())
+ if (!current_user_ns_initial() && !capable(CAP_SYS_ADMIN))
return ERR_PTR(-EPERM);
return mount_ns(fs_type, flags, get_exec_env(), bm_fill_super);
}
More information about the Devel
mailing list