[Devel] [PATCH RH8] devcgroup: Allow mounting device with no write perm for new mount api

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Thu Aug 19 12:57:41 MSK 2021


After the rebase to RH8.4 we now have an alternative code path to mount a
bdev for filesystems which switched to the new mount API (e.g. checked it
on xfs). Without this fix, if a block device with xfs is available in a
container and has a "b major:minor rM" device cgroup allow rule for this
container, the user inside would still not be able to mount this disk,
which means "M" would not work.

Note: we use "M" instead of "w" when we want to only allow mounting of
the given disk but not writes to it.

Fixes: 6d716d983506 ("device_cgroup: add device visibility virtualization in CT")
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
 fs/super.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/super.c b/fs/super.c
index a68ab7d3e1b7..2edab581b876 100644
--- a/fs/super.c
+++ b/fs/super.c
@@ -1328,7 +1328,7 @@ int get_tree_bdev(struct fs_context *fc,
 	if (!fc->source)
 		return invalf(fc, "No source specified");
 
-	bdev = blkdev_get_by_path(fc->source, mode, fc->fs_type);
+	bdev = blkdev_get_by_path(fc->source, mode | FMODE_MOUNT, fc->fs_type);
 	if (IS_ERR(bdev)) {
 		errorf(fc, "%s: Can't open blockdev", fc->source);
 		return PTR_ERR(bdev);
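Review bot: the blkdev_get_by_path() call in get_tree_bdev() now ORs in FMODE_MOUNT with no comment, so a reader of fs/super.c alone cannot tell that this flag is what lets a device cgroup "M" rule permit the open. A one-line comment above the call stating that would help, for example that FMODE_MOUNT marks the open as a mount so a "rM" rule without "w" is sufficient. Note also that the flag is added only at the call site and the local `mode` is left unchanged; any later use of `mode` in this function (outside the lines shown here) will not carry FMODE_MOUNT, so it is worth confirming that this asymmetry is intended.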
-- 
2.31.1


