[Devel] [PATCH RH7] ve/sunrpc: prohibit mounting rpc_pipefs in CT without nfsd feature
Vasily Averin
vvs at virtuozzo.com
Thu Sep 6 16:48:59 MSK 2018
I prefer to use ve_is_super() check here
but it is up to you.
Reviewed-by: Vasily Averin <vvs at virtuozzo.com>
On 09/06/2018 04:39 PM, Pavel Tikhomirov wrote:
> We have all features for ve0:
>
> struct ve_struct ve0 = {
> ...
> .features = -1,
>
> crash> p -x ve0.features
> $2 = 0xffffffffffffffff
>
> On 09/06/2018 04:32 PM, Vasily Averin wrote:
>> I afraid it will not allow to mount this filesystem even in VE0
>>
>> On 09/06/2018 04:18 PM, Pavel Tikhomirov wrote:
>>> We need rpc_pipefs for nfs server, but it breaks criu migration as
>>> opened /var/lib/nfs/rpc_pipefs/nfs/clntX files are not supported yet.
>>> Thus only allow mounting rpc_pipefs if CT has "--features nfsd:on".
>>>
>>> https://jira.sw.ru/browse/PSBM-87836
>>> Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
>>> ---
>>> net/sunrpc/rpc_pipe.c | 7 +++++++
>>> 1 file changed, 7 insertions(+)
>>>
>>> diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
>>> index 62d442aad553..868d657e5cb2 100644
>>> --- a/net/sunrpc/rpc_pipe.c
>>> +++ b/net/sunrpc/rpc_pipe.c
>>> @@ -31,6 +31,9 @@
>>> #include <linux/nsproxy.h>
>>> #include <linux/notifier.h>
>>> +#include <uapi/linux/vzcalluser.h>
>>> +#include <linux/ve.h>
>>> +
>>> #include "netns.h"
>>> #include "sunrpc.h"
>>> @@ -1458,6 +1461,10 @@ rpc_mount(struct file_system_type *fs_type,
>>> int flags, const char *dev_name, void *data)
>>> {
>>> struct net *net = current->nsproxy->net_ns;
>>> +
>>> + if (!(get_exec_env()->features & VE_FEATURE_NFSD))
>>> + return ERR_PTR(-ENODEV);
>>> +
>>> return mount_ns(fs_type, flags, data, net, net->user_ns, rpc_fill_super);
>>> }
>>>
>
More information about the Devel
mailing list