[Devel] [PATCH rh8 2/9] ve/fs: Allow to mount ext4 in top CT userns

[Konstantin Khorenko]

From: Kirill Tkhai <ktkhai at odin.com>

https://jira.sw.ru/browse/PSBM-40100

v2: Check that user_ns is initial for the ve.
v3: Be sure ve->init_cred is set.

Signed-off-by: Kirill Tkhai <ktkhai at odin.com>
Acked-by: Vladimir Davydov <vdavydov at virtuozzo.com>

khorenko@: in fact we allowed to do those mounts in top CT user ns only.

(cherry picked from vz7 commit d8aabe8924283e12ef30dee49253f91f33d3e9bc
("ve/fs: Allow to mount ext4 and binfmt_misc under non-root ns"))
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
 fs/ext4/super.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index db096034e7dc..663fb3ea9315 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -40,6 +40,7 @@
 #include <linux/crc16.h>
 #include <linux/dax.h>
 #include <linux/cleancache.h>
+#include <linux/ve.h>
 #include <linux/uaccess.h>
 #include <linux/iversion.h>
 
@@ -6246,6 +6247,8 @@ static int ext4_get_next_id(struct super_block *sb, struct kqid *qid)
 static struct dentry *ext4_mount(struct file_system_type *fs_type, int flags,
 		       const char *dev_name, void *data)
 {
+	if (!current_user_ns_initial())
+		return ERR_PTR(-EPERM);
 	return mount_bdev(fs_type, flags, dev_name, data, ext4_fill_super);
 }
 
@@ -6321,7 +6324,8 @@ static struct file_system_type ext4_fs_type = {
 	.name		= "ext4",
 	.mount		= ext4_mount,
 	.kill_sb	= ext4_kill_sb,
-	.fs_flags	= FS_REQUIRES_DEV | FS_VIRTUALIZED,
+	.fs_flags	= FS_REQUIRES_DEV | FS_VIRTUALIZED |
+			  FS_USERNS_MOUNT,
 };
 MODULE_ALIAS_FS("ext4");
 
-- 
2.28.0