[Devel] [PATCH RHEL8 COMMIT] ve/fs: namespace -- Ignore device permissions during restore

Konstantin Khorenko khorenko at virtuozzo.com
Fri Apr 16 14:27:16 MSK 2021 

The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.14
------>
commit 85f79dec09142f866d73f5debf9327dce23c7ee7
Author: Cyrill Gorcunov <gorcunov at virtuozzo.com>
Date:   Fri Apr 16 14:27:16 2021 +0300

    ve/fs: namespace -- Ignore device permissions during restore
    
    To support several storage backends (ploops) inside container
    we've hacks in libvzctl which setup "old" permissions when
    restore procedure initiated. But the former idea was simply
    allow CRIU to do all the works and restore ploops mounts
    by its own (since CRIU fetches all mount options and such).
    
    For this sake we turn off mount options filtering provisionally
    if @is_pseudosuper is set, and CRIU restore mounts as regular
    ones.
    
    https://jira.sw.ru/browse/PSBM-48188
    
    Signed-off-by: Cyrill Gorcunov <gorcunov at virtuozzo.com>
    
    CC: Igor Sukhih <igor at virtuozzo.com>
    CC: Vladimir Davydov <vdavydov at virtuozzo.com>
    CC: Konstantin Khorenko <khorenko at virtuozzo.com>
    
    ===========================================
    
    VZ 8 rebase part https://jira.sw.ru/browse/PSBM-127782
    vz7 commit: fde61cc ("ve/fs: namespace -- Ignore device permissions during
    restore")
    
    Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn at virtuozzo.com>
---
 fs/namespace.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/fs/namespace.c b/fs/namespace.c
index 7866456cbad4..9f43ab7d9904 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2475,7 +2475,12 @@ int ve_devmnt_process(struct ve_struct *ve, dev_t dev, void **data_pp, int remou
 		if (devmnt->dev == dev) {
 			err = ve_devmnt_check(data, devmnt->allowed_options);
 
-			if (!err && !remount)
+			/*
+			 * In case of @is_pseudouser set, ie restore procedure,
+			 * we don't check for allowed options filtering, since
+			 * restore mode is special.
+			 */
+			if ((ve->is_pseudosuper || !err) && !remount)
 				err = ve_devmnt_insert(data, devmnt->hidden_options);
 
 			break;

More information about the Devel mailing list