[Devel] [PATCH RHEL8 COMMIT] ve/fs: namespace -- Don't fail on permissions if @ve->devmnt_list is empty

Konstantin Khorenko khorenko at virtuozzo.com
Fri Apr 16 14:27:16 MSK 2021 

The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.14
------>
commit d01dcbf3ecf14ef37a1782f9b28ecd68d880a340
Author: Cyrill Gorcunov <gorcunov at virtuozzo.com>
Date:   Fri Apr 16 14:27:16 2021 +0300

    ve/fs: namespace -- Don't fail on permissions if @ve->devmnt_list is empty
    
    In commit 7eeb5b4afa8db5a2f2e1e47ab6b84e55fc8c5661 I addressed
    first half of a problem, but I happen to work with dirty copy
    of libvzctl where mount_opts cgroup has been c/r'ed manually,
    so I missed the case where @devmnt_list is empty on restore
    (just like it is in vanilla libvzctl). So fix the second half.
    
    https://jira.sw.ru/browse/PSBM-48188
    
    Reported-by: Igor Sukhih <igor at virtuozzo.com>
    Signed-off-by: Cyrill Gorcunov <gorcunov at virtuozzo.com>
    
    Reviewed-by: Vladimir Davydov <vdavydov at virtuozzo.com>
    
    CC: Konstantin Khorenko <khorenko at virtuozzo.com>
    
    +++
    fs/mount/ve: ratelimit 'no allowed mount options found for device' message
    
    Container could trigger unlimited spam in the host dmesg:
            VE100: no allowed mount options found for device 182:250449
    
    Let's ratelimit it.
    
    https://jira.sw.ru/browse/PSBM-58329
    
    Signed-off-by: Andrey Ryabinin <aryabinin at virtuozzo.com>
    
    +++
    
    VZ 8 rebase part https://jira.sw.ru/browse/PSBM-127782
    vz7 commit: 7c96d96 ("ve/fs: namespace -- Don't fail on permissions if
    @ve->devmnt_list is empty")
    
    Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn at virtuozzo.com>
---
 fs/namespace.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/fs/namespace.c b/fs/namespace.c
index 9f43ab7d9904..ee0333b84a9d 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2496,10 +2496,20 @@ int ve_devmnt_process(struct ve_struct *ve, dev_t dev, void **data_pp, int remou
 		goto again;
 	case 1:
 		if (*data_pp) {
-			ve_printk(VE_LOG_BOTH, KERN_WARNING "VE%s: no allowed "
-				  "mount options found for device %u:%u\n",
-				  ve->ve_name, MAJOR(dev), MINOR(dev));
-			err = -EPERM;
+			/*
+			 * Same as in chunk above but for case where
+			 * ve->devmnt_list is empty. Depending on
+			 * the way userspace tool restore container
+			 * it might be nonempty as well.
+			 */
+			if (ve->is_pseudosuper) {
+				err = 0;
+			} else {
+				ve_pr_warn_ratelimited(VE_LOG_BOTH, "VE%s: no allowed "
+					  "mount options found for device %u:%u\n",
+					  ve->ve_name, MAJOR(dev), MINOR(dev));
+				err = -EPERM;
+			}
 		} else
 			err = 0;
 		break;

More information about the Devel mailing list