[Devel] [PATCH RH8] ve/sunrpc: enable rpc_pipefs mounts inside non-init user namespaces
Evgenii Shatokhin
eshatokhin at virtuozzo.com
Thu May 20 19:57:22 MSK 2021
From: Vasily Averin <vvs at virtuozzo.com>
This patch enables rpc_pipefs mounts inside Containers,
required for nfsd in SLES11-based Containers.
https://jira.sw.ru/browse/PSBM-86395
Signed-off-by: Vasily Averin <vvs at virtuozzo.com>
eshatokhin@:
Used FS_VE_MOUNT as suggested by Pavel Tikhomirov (ptikhomirov@) instead
of FS_USERNS_MOUNT: it is better to allow mounts only from the init
userns of a container rather than from just any userns.
Done in the scope of https://jira.sw.ru/browse/PSBM-127830.
Signed-off-by: Evgenii Shatokhin <eshatokhin at virtuozzo.com>
---
net/sunrpc/rpc_pipe.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
index 775a79b9df17..9e22b3d28cbc 100644
--- a/net/sunrpc/rpc_pipe.c
+++ b/net/sunrpc/rpc_pipe.c
@@ -1450,7 +1450,7 @@ static struct file_system_type rpc_pipe_fs_type = {
.name = "rpc_pipefs",
.mount = rpc_mount,
.kill_sb = rpc_kill_sb,
- .fs_flags = FS_VIRTUALIZED,
+ .fs_flags = FS_VIRTUALIZED | FS_VE_MOUNT,
};
MODULE_ALIAS_FS("rpc_pipefs");
MODULE_ALIAS("rpc_pipefs");
--
2.29.0
More information about the Devel
mailing list