[Devel] [PATCH RHEL COMMIT] ve/sunrpc: Enable rpc_pipefs mounts in Container root user namespace

Fri Oct 1 18:40:17 MSK 2021

The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after ark-5.14
------>
commit 64c293d648aac1f7b08a7a7dfd5a67e0c059d5b4
Author: Vasily Averin <vvs at virtuozzo.com>
Date:   Fri Oct 1 18:40:17 2021 +0300

    ve/sunrpc: Enable rpc_pipefs mounts in Container root user namespace
    
    This patch enables rpc_pipefs mounts inside Containers,
    required for nfsd in SLES11-based Containers.
    
    https://jira.sw.ru/browse/PSBM-86395
    Signed-off-by: Vasily Averin <vvs at virtuozzo.com>
    
    eshatokhin@:
    Used FS_VE_MOUNT as suggested by Pavel Tikhomirov (ptikhomirov@) instead
    of FS_USERNS_MOUNT: it is better to allow mounts only from the init
    userns of a container rather than from just any userns.
    
    Done in the scope of https://jira.sw.ru/browse/PSBM-127830.
    
    Cherry-picked from vz7 commit 38505601d0b7 ("ve/sunrpc: enable
    rpc_pipefs mounts inside non-init user namespaces")
    
    Signed-off-by: Evgenii Shatokhin <eshatokhin at virtuozzo.com>
    
    (cherry-picked from vz8 commit 2e319b6173a1 ("ve/sunrpc: Enable rpc_pipefs
    mounts in Container root user namespace"))
    
    Signed-off-by: Nikita Yushchenko <nikita.yushchenko at virtuozzo.com>
---
 net/sunrpc/rpc_pipe.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
index c6f227b8fb8d..d9a0c5705121 100644
--- a/net/sunrpc/rpc_pipe.c
+++ b/net/sunrpc/rpc_pipe.c
@@ -1474,7 +1474,7 @@ static struct file_system_type rpc_pipe_fs_type = {
 	.name		= "rpc_pipefs",
 	.init_fs_context = rpc_init_fs_context,
 	.kill_sb	= rpc_kill_sb,
-	.fs_flags	= FS_VIRTUALIZED,
+	.fs_flags	= FS_VIRTUALIZED | FS_VE_MOUNT,
 };
 MODULE_ALIAS_FS("rpc_pipefs");
 MODULE_ALIAS("rpc_pipefs");
