[Devel] [PATCH RH9 00/13] Port part 8: sysfs virtualization

Tue Sep 21 19:04:18 MSK 2021

https://jira.sw.ru/browse/PSBM-133991

Cyrill Gorcunov (1):
  ve/security: device_cgroup -- Allow manage devices in @pseudosuper
    state

Konstantin Khorenko (3):
  ve: Implement current_user_ns_initial() helper
  ptrace: prevent tracing "init" from inside a CT
  ve/mm/trace: introduce vps_dumpable flag

Pavel Tikhomirov (3):
  kernfs/sysfs: add ioctl to get fd network namespace tag
  ve/device_cgroup: fake allowing all devices for docker inside VZCT
  ve/netns: limit number of network namespaces per container

Stanislav Kinsburskiy (6):
  kmapset: set of key-value mappings with build-in
  ve/kernfs: implement ve-based permissions
  ve/kernfs: hide forbidden entries in container
  ve/kernfs: add new interface to control per-VE nodes visibility
  ve/sysfs: add dentries visibility filter
  ve/fs: allow devices-realted mounts in VE initial user namespace

 fs/coredump.c               |   3 +
 fs/exec.c                   |   1 +
 fs/kernfs/Makefile          |   1 +
 fs/kernfs/dir.c             |  15 ++
 fs/kernfs/file.c            |  23 +++
 fs/kernfs/inode.c           |   8 +-
 fs/kernfs/kernfs-internal.h |   5 +
 fs/kernfs/kernfs-ve.h       |  51 ++++++
 fs/kernfs/mount.c           |   1 +
 fs/kernfs/ve.c              | 354 ++++++++++++++++++++++++++++++++++++
 fs/super.c                  |   3 +-
 fs/sysfs/Makefile           |   1 +
 fs/sysfs/mount.c            |  10 +-
 fs/sysfs/sysfs.h            |  11 ++
 fs/sysfs/ve.c               |  96 ++++++++++
 include/linux/kernfs-ve.h   |  45 +++++
 include/linux/kernfs.h      |  11 ++
 include/linux/kmapset.h     | 105 +++++++++++
 include/linux/mm_types.h    |   7 +
 include/linux/ve.h          |  15 ++
 include/net/net_namespace.h |   1 +
 kernel/ptrace.c             |  17 ++
 kernel/ve/ve.c              |  72 +++++++-
 lib/Makefile                |   2 +
 lib/kmapset.c               | 342 ++++++++++++++++++++++++++++++++++
 net/core/net_namespace.c    |  37 ++++
 security/device_cgroup.c    |  26 ++-
 27 files changed, 1257 insertions(+), 6 deletions(-)
 create mode 100644 fs/kernfs/kernfs-ve.h
 create mode 100644 fs/kernfs/ve.c
 create mode 100644 fs/sysfs/ve.c
 create mode 100644 include/linux/kernfs-ve.h
 create mode 100644 include/linux/kmapset.h
 create mode 100644 lib/kmapset.c

-- 
2.31.1