[Devel] [PATCH 2/3] fuse: Prohibit kio engine from containers
Kirill Tkhai
ktkhai at virtuozzo.com
Tue Oct 30 11:55:27 MSK 2018
Currently we have several BUG_ON() ported from userspace,
and they may fire in case a malicious daemon is used
instead of the original vstorage-mount. So, just prohibit
mounting with kio from inside a container.
https://pmc.acronis.com/browse/VSTOR-16325
Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
---
fs/fuse/inode.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 0695b79c4c50..34e52262d37e 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -709,6 +709,8 @@ static int parse_fuse_opt(char *opt, struct fuse_mount_data *d, int is_bdev)
break;
case OPT_KIO_NAME: {
char *name;
+ if (!ve_is_super(get_exec_env()))
+ return 0;
name = match_strdup(&args[0]);
if (!name)
return 0;
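Review bot: the new `if (!ve_is_super(get_exec_env())) return 0;` under `case OPT_KIO_NAME` fails with the same bare `return 0` as the `match_strdup()` failure right below it, so a mount attempt from a container is rejected with nothing that distinguishes a policy refusal from an allocation failure. A short comment above the check saying why kio is refused outside the super VE (the BUG_ON()s mentioned in the commit message) and a rate-limited log line naming the option would make the refusal diagnosable. Kernel style also wants a blank line between the `char *name;` declaration and the first statement. The check only closes the container path; the BUG_ON()s themselves stay in place, so turning them into error returns would be a reasonable follow-up.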