[Devel] [PATCH RHEL8 COMMIT] ve/fs/namespace: allow submounts in non-init userns
Konstantin Khorenko
khorenko at virtuozzo.com
Thu Mar 18 14:03:30 MSK 2021
The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.8
------>
commit 39aaf4f599374a1d54d6229e3c2076946f047c68
Author: Konstantin Khorenko <khorenko at virtuozzo.com>
Date: Tue Jul 3 13:28:43 2018 +0300
ve/fs/namespace: allow submounts in non-init userns
Simple NFS mount inside a Container brings us to vfs_submount(), so if
we want to enable NFS inside a Container (read - in non-init userns), we
have to omit the check for init userns.
SyS_mount
do_mount
vfs_kern_mount
mount_fs
nfs_fs_mount
nfs4_try_mount
nfs_follow_remote_path
mount_subtree
vfs_path_lookup
do_path_lookup
filename_lookup
path_lookupat
lookup_slow
follow_managed
nfs_d_automount
nfs4_submount
nfs_do_submount
vfs_submount
https://jira.sw.ru/browse/PSBM-86277
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
https://jira.sw.ru/browse/PSBM-127234
(cherry picked from vz7 commit bc060d46276144f91a139b7d0acf384dcd0a4dde)
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
fs/namespace.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/fs/namespace.c b/fs/namespace.c
index ecd4a56e21ad..d91622405adb 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -983,12 +983,36 @@ struct vfsmount *
vfs_submount(const struct dentry *mountpoint, struct file_system_type *type,
const char *name, void *data)
{
+#if 0
/* Until it is worked out how to pass the user namespace
* through from the parent mount to the submount don't support
* unprivileged mounts with submounts.
*/
+ /* Simple NFS mount inside a Container brings us here, so if we want to
+ * enable NFS inside a Container (read - in non-init userns), we have
+ * to omit the check.
+ * SyS_mount
+ * do_mount
+ * vfs_kern_mount
+ * mount_fs
+ * nfs_fs_mount
+ * nfs4_try_mount
+ * nfs_follow_remote_path
+ * mount_subtree
+ * vfs_path_lookup
+ * do_path_lookup
+ * filename_lookup
+ * path_lookupat
+ * lookup_slow
+ * follow_managed
+ * nfs_d_automount
+ * nfs4_submount
+ * nfs_do_submount
+ * vfs_submount
+ */
if (mountpoint->d_sb->s_user_ns != &init_user_ns)
return ERR_PTR(-EPERM);
+#endif
return vfs_kern_mount(type, SB_SUBMOUNT, name, data);
}
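Review bot: The `#if 0` ... `#endif` pair in vfs_submount() compiles out the `s_user_ns != &init_user_ns` check for every filesystem type and every non-init user namespace, not only for NFS mounted inside a Container. The concern in the retained comment, that the user namespace is not passed from the parent mount to the submount, is left unaddressed. Consider keeping the `return ERR_PTR(-EPERM);` path and relaxing it only for the case the commit message describes, for example with a condition on `type` or on the Container's user namespace, so that other unprivileged submounts are still refused. The new explanatory comment also sits inside the disabled block. Moving it above `#if 0` would keep the rationale next to live code and make it clear why the check is off.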