[Devel] [PATCH RHEL8 COMMIT] ve/nfsd: allow nfsd mount inside container init userns
Konstantin Khorenko
khorenko at virtuozzo.com
Wed Jun 23 17:30:23 MSK 2021
The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.48
------>
commit 17dbfa3191a8f08e7811b423e144805a23e80187
Author: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Date: Wed Jun 23 12:50:13 2021 +0300
ve/nfsd: allow nfsd mount inside container init userns
v2 changes by khorenko:
- dropped the current_user_ns_initial() check in nfsd_mount(),
same check is performed in sget_userns() now due to FS_VE_MOUNT flag
usage
https://jira.sw.ru/browse/PSBM-130825
Fixes: 92cc82cd5998 ("ve/fs/nfsd: NFSd containerization")
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Reviewed-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
fs/nfsd/nfsctl.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
index ae928c0d0dc8..34c7fd59d7c8 100644
--- a/fs/nfsd/nfsctl.c
+++ b/fs/nfsd/nfsctl.c
@@ -1392,8 +1392,6 @@ static struct dentry *nfsd_mount(struct file_system_type *fs_type,
if (!(get_exec_env()->features & VE_FEATURE_NFSD))
return ERR_PTR(-ENODEV);
- if (!current_user_ns_initial())
- return ERR_PTR(-EPERM);
return mount_ns(fs_type, flags, data, net, net->user_ns, nfsd_fill_super);
}
@@ -1411,7 +1409,7 @@ static struct file_system_type nfsd_fs_type = {
.name = "nfsd",
.mount = nfsd_mount,
.kill_sb = nfsd_umount,
- .fs_flags = FS_VIRTUALIZED,
+ .fs_flags = FS_VIRTUALIZED | FS_VE_MOUNT,
};
MODULE_ALIAS_FS("nfsd");
More information about the Devel
mailing list