[Devel] [PATCH RHEL7 COMMIT] ve/binfmt_misc: Allow mount if capable(CAP_SYS_ADMIN)

Konstantin Khorenko khorenko at virtuozzo.com
Thu Jun 23 08:06:40 PDT 2016


The commit is pushed to "branch-rh7-3.10.0-327.18.2.vz7.14.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.18.2.vz7.14.19
------>
commit b188e9ef18fc3630568eaab2923238df31babc94
Author: Kirill Tkhai <ktkhai at virtuozzo.com>
Date:   Thu Jun 23 19:06:40 2016 +0400

    ve/binfmt_misc: Allow mount if capable(CAP_SYS_ADMIN)
    
    The patch allows to mount binfmt_misc in a CT with ve0's admin caps,
    and it's need that for CRIU dump. This time, unmounted binfmt_misc
    may be forced mounted back, and we don't want to change CRIU's user_ns
    to do that.
    
    https://jira.sw.ru/browse/PSBM-47737
    
    Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
    Reviewed-by: Andrey Ryabinin <aryabinin at virtuozzo.com>
---
 fs/binfmt_misc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c
index fd5227f..e259022 100644
--- a/fs/binfmt_misc.c
+++ b/fs/binfmt_misc.c
@@ -735,7 +735,7 @@ static int bm_fill_super(struct super_block * sb, void * data, int silent)
 static struct dentry *bm_mount(struct file_system_type *fs_type,
 	int flags, const char *dev_name, void *data)
 {
-	if (!current_user_ns_initial())
+	if (!current_user_ns_initial() && !capable(CAP_SYS_ADMIN))
 		return ERR_PTR(-EPERM);
 	return mount_ns(fs_type, flags, get_exec_env(), bm_fill_super);
 }


More information about the Devel mailing list