[Devel] [PATCH 2/3] fuse: Prohibit kio engine from containers

Kirill Tkhai ktkhai at virtuozzo.com
Tue Oct 30 11:55:27 MSK 2018


Currently we have several BUG_ON() ported from userspace,
and they may fire in case of it's used malicious daemon
instead of original vstorage-mount. So, just prohibit
mounting with kio from inside container.

https://pmc.acronis.com/browse/VSTOR-16325

Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
---
 fs/fuse/inode.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 0695b79c4c50..34e52262d37e 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -709,6 +709,8 @@ static int parse_fuse_opt(char *opt, struct fuse_mount_data *d, int is_bdev)
 			break;
 		case OPT_KIO_NAME: {
 			char *name;
+			if (!ve_is_super(get_exec_env()))
+				return 0;
 			name = match_strdup(&args[0]);
 			if (!name)
 				return 0;



More information about the Devel mailing list