[Devel] [PATCH 08/13] ve/fs: namespace -- Ignore device permissions during restore
Alexander Mikhalitsyn
alexander.mikhalitsyn at virtuozzo.com
Wed Apr 14 10:57:55 MSK 2021
From: Cyrill Gorcunov <gorcunov at virtuozzo.com>
To support several storage backends (ploops) inside container
we've hacks in libvzctl which setup "old" permissions when
restore procedure initiated. But the former idea was simply
allow CRIU to do all the works and restore ploops mounts
by its own (since CRIU fetches all mount options and such).
For this sake we turn off mount options filtering provisionally
if @is_pseudosuper is set, and CRIU restore mounts as regular
ones.
https://jira.sw.ru/browse/PSBM-48188
Signed-off-by: Cyrill Gorcunov <gorcunov at virtuozzo.com>
CC: Igor Sukhih <igor at virtuozzo.com>
CC: Vladimir Davydov <vdavydov at virtuozzo.com>
CC: Konstantin Khorenko <khorenko at virtuozzo.com>
===========================================
VZ 8 rebase part https://jira.sw.ru/browse/PSBM-127782
Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn at virtuozzo.com>
---
fs/namespace.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 7866456cbad4..9f43ab7d9904 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2475,7 +2475,12 @@ int ve_devmnt_process(struct ve_struct *ve, dev_t dev, void **data_pp, int remou
if (devmnt->dev == dev) {
err = ve_devmnt_check(data, devmnt->allowed_options);
- if (!err && !remount)
+ /*
+ * In case of @is_pseudouser set, ie restore procedure,
+ * we don't check for allowed options filtering, since
+ * restore mode is special.
+ */
+ if ((ve->is_pseudosuper || !err) && !remount)
err = ve_devmnt_insert(data, devmnt->hidden_options);
break;
--
2.28.0
More information about the Devel
mailing list