[Devel] [PATCH 09/13] ve/fs: namespace -- Don't fail on permissions if @ve->devmnt_list is empty

Alexander Mikhalitsyn alexander.mikhalitsyn at virtuozzo.com
Wed Apr 14 10:44:54 MSK 2021 

From: Cyrill Gorcunov <gorcunov at virtuozzo.com>

In commit 7eeb5b4afa8db5a2f2e1e47ab6b84e55fc8c5661 I addressed
first half of a problem, but I happen to work with dirty copy
of libvzctl where mount_opts cgroup has been c/r'ed manually,
so I missed the case where @devmnt_list is empty on restore
(just like it is in vanilla libvzctl). So fix the second half.

https://jira.sw.ru/browse/PSBM-48188

Reported-by: Igor Sukhih <igor at virtuozzo.com>
Signed-off-by: Cyrill Gorcunov <gorcunov at virtuozzo.com>
Reviewed-by: Vladimir Davydov <vdavydov at virtuozzo.com>

CC: Konstantin Khorenko <khorenko at virtuozzo.com>

+++
fs/mount/ve: ratelimit 'no allowed mount options found for device' message

Container could trigger unlimited spam in the host dmesg:
	VE100: no allowed mount options found for device 182:250449

Let's ratelimit it.

https://jira.sw.ru/browse/PSBM-58329

Signed-off-by: Andrey Ryabinin <aryabinin at virtuozzo.com>

+++

VZ 8 rebase part https://jira.sw.ru/browse/PSBM-127782

Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn at virtuozzo.com>
---
 fs/namespace.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/fs/namespace.c b/fs/namespace.c
index 9f43ab7d9904..ee0333b84a9d 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2496,10 +2496,20 @@ int ve_devmnt_process(struct ve_struct *ve, dev_t dev, void **data_pp, int remou
 		goto again;
 	case 1:
 		if (*data_pp) {
-			ve_printk(VE_LOG_BOTH, KERN_WARNING "VE%s: no allowed "
-				  "mount options found for device %u:%u\n",
-				  ve->ve_name, MAJOR(dev), MINOR(dev));
-			err = -EPERM;
+			/*
+			 * Same as in chunk above but for case where
+			 * ve->devmnt_list is empty. Depending on
+			 * the way userspace tool restore container
+			 * it might be nonempty as well.
+			 */
+			if (ve->is_pseudosuper) {
+				err = 0;
+			} else {
+				ve_pr_warn_ratelimited(VE_LOG_BOTH, "VE%s: no allowed "
+					  "mount options found for device %u:%u\n",
+					  ve->ve_name, MAJOR(dev), MINOR(dev));
+				err = -EPERM;
+			}
 		} else
 			err = 0;
 		break;
-- 
2.28.0

More information about the Devel mailing list