[Devel] [PATCH RH9 11/14] ve/fs/overlay: allow overlayfs to be used inside a Container

Andrey Zhadchenko andrey.zhadchenko at virtuozzo.com
Mon Oct 4 12:17:26 MSK 2021


From: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>

This is a temporary decision to make Docker in CT work with overlayfs
storage driver, it can be unsafe to give access to fs-overlay module
from container.

Note: "overlay" kernel module must be pre-loaded on the Host,
      it is _not_ autoloaded from inside a Container.

https://jira.sw.ru/browse/PSBM-47280

Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>

khorenko@: overlayfs stability in current RHEL7 kernel has not been checked
yet, so it can be used for testing purposes only for now.

+++
ve/fs/overlay: allow overlayfs to be mounted in non-root userns

We need overlayfs to be mounted inside Container and RHEL7.5 requires a
special flag to be set on fs which are allowed to be mounted inside
non-root user namespaces.

mFixes: e381a0e538de ve/fs/overlay: allow overlayfs to be used inside a Container
https://jira.sw.ru/browse/PSBM-86153

Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>

----
fs/ve: add new FS_VE_MOUNT flag to allow mount in container init userns

Use this for overlayfs and remove FS_USERNS_MOUNT for it as we want
overlayfs mounts in container to mimic overlayfs mounts on host, and
thus they can only be mounted in init userns of container.

https://jira.sw.ru/browse/PSBM-121284
mFixes: 71dd847047f6 ("ve/fs/overlay: allow overlayfs to be used inside a
Container")

Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Reviewed-by: Konstantin Khorenko <khorenko at virtuozzo.com>

(cherry picked from vz7 commit 269fa121de61afbe28875f4657895e6234ff4a83)
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>

(cherry picked from vz8 commit 761149b724c983f1102e93e11cae4951bd9ef232)
Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko at virtuozzo.com>
---
 fs/overlayfs/super.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index 065b777..2f49706 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -2195,7 +2195,7 @@ static struct dentry *ovl_mount(struct file_system_type *fs_type, int flags,
 	.fs_flags	= FS_USERNS_MOUNT,
 	.mount		= ovl_mount,
 	.kill_sb	= kill_anon_super,
-	.fs_flags	= FS_VIRTUALIZED,
+	.fs_flags	= FS_VIRTUALIZED | FS_VE_MOUNT,
 };
 MODULE_ALIAS_FS("overlay");
 
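Review bot: the initializer shown in this hunk sets .fs_flags twice, once in the context line `.fs_flags = FS_USERNS_MOUNT,` and again in the changed line `.fs_flags = FS_VIRTUALIZED | FS_VE_MOUNT,`. With C designated initializers the later assignment replaces the earlier one, so FS_USERNS_MOUNT is dropped only implicitly. That matches the stated intent of removing FS_USERNS_MOUNT, but a reader who sees only the first line will conclude that overlayfs is still mountable from any user namespace, and the duplicate can trigger an override-init compiler warning. Suggest deleting the stale `.fs_flags = FS_USERNS_MOUNT,` line in this port so the struct carries a single .fs_flags entry. Since the commit message says exposing the overlay module to a container can be unsafe, a short comment next to FS_VE_MOUNT stating that mounts are limited to the container's init userns would also help.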
-- 
1.8.3.1


