[Devel] [PATCH RHEL COMMIT] fs: Mask appropriate filesystems FS_VIRTUALIZED
Konstantin Khorenko
khorenko at virtuozzo.com
Fri Sep 24 15:48:45 MSK 2021
The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after ark-5.14
------>
commit a4aa5f40ca7e17403c799345a8277ad773344abc
Author: Kirill Tkhai <ktkhai at virtuozzo.com>
Date: Fri Sep 24 15:48:44 2021 +0300
fs: Mask appropriate filesystems FS_VIRTUALIZED
Extracted from "Initial patch".
Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
+++
ve/fs/autofs: Allow autofs to be used inside a container
It turned out that autofs is used at least for NFS/CIFS and binfmt_misc.
Let's use the new FS_VE_MOUNT flag to only allow autofs mounts in
container-init userns, which would mimic mainstream host behaviour.
https://jira.sw.ru/browse/PSBM-26968
https://jira.sw.ru/browse/PSBM-86138
https://jira.sw.ru/browse/PSBM-128649
Rebase from VZ7, with use of FS_VE_MOUNT and with comment cleanup:
vz7 commits:
83c27c7bffcc1 ("ve/fs/autofs: mark autofs as virtualized")
0045b317c97b ("ve/fs/autofs: allow to mount autofs inside non-root userns")
mFixes: 7ddb6e8dd9f6 ("fs: Mask appropriate filesystems FS_VIRTUALIZED")
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
+++
fs/ext4: removed FS_VIRTUALIZED flag from 'ext3' mode of ext4 module
FS_VIRTUALIZED flag makes a registered filesystem visible in container.
ext3 is part of ext4 module that is run with untested set of flags.
Signed-off-by: Valeriy.Vdovin <valeriy.vdovin at virtuozzo.com>
khorenko@: this flag allows to mount ext3 fs inside a Container
if a Container has proper permissions for a device to be mounted.
In vz7 we never allowed it, we don't test it, so don't see any
advantages of enabling it in vz8. We can change this of course upon
request.
(cherry picked from vz8 commit b594c31c974e708e96826dcd2d903c6472dfea2d)
Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko at virtuozzo.com>
---
fs/autofs/init.c | 1 +
fs/devpts/inode.c | 2 +-
fs/ext4/super.c | 2 +-
fs/fuse/inode.c | 2 +-
fs/overlayfs/super.c | 1 +
fs/proc/root.c | 2 +-
fs/sysfs/mount.c | 2 +-
fs/xfs/xfs_super.c | 2 +-
include/linux/fs.h | 1 +
ipc/mqueue.c | 2 +-
kernel/cgroup/cgroup.c | 2 +-
mm/shmem.c | 2 +-
12 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/fs/autofs/init.c b/fs/autofs/init.c
index d3f55e874338..f1e04163633a 100644
--- a/fs/autofs/init.c
+++ b/fs/autofs/init.c
@@ -18,6 +18,7 @@ struct file_system_type autofs_fs_type = {
.name = "autofs",
.mount = autofs_mount,
.kill_sb = autofs_kill_sb,
+ .fs_flags = FS_VIRTUALIZED | FS_VE_MOUNT,
};
MODULE_ALIAS_FS("autofs");
MODULE_ALIAS("autofs");
diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c
index 42e5a766d33c..d67ed08444aa 100644
--- a/fs/devpts/inode.c
+++ b/fs/devpts/inode.c
@@ -519,7 +519,7 @@ static struct file_system_type devpts_fs_type = {
.name = "devpts",
.mount = devpts_mount,
.kill_sb = devpts_kill_sb,
- .fs_flags = FS_USERNS_MOUNT,
+ .fs_flags = FS_USERNS_MOUNT | FS_VIRTUALIZED,
};
/*
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 2bde0a2d1683..befbb0892fdd 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -6704,7 +6704,7 @@ static struct file_system_type ext4_fs_type = {
.name = "ext4",
.mount = ext4_mount,
.kill_sb = kill_block_super,
- .fs_flags = FS_REQUIRES_DEV | FS_ALLOW_IDMAP,
+ .fs_flags = FS_REQUIRES_DEV | FS_ALLOW_IDMAP | FS_VIRTUALIZED,
};
MODULE_ALIAS_FS("ext4");
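Review bot: ext4 is a FS_REQUIRES_DEV filesystem, and the new `FS_VIRTUALIZED` bit on it has no comment saying what keeps a container from mounting an arbitrary block device; the xfs hunk has the same gap. The commit message says a container can mount only a device it has permissions for, and that the ext3 mode was deliberately left unflagged because it is untested, but neither fact is recorded next to the code and the check itself is not part of this diff. I would add above the initializer something like `/* FS_VIRTUALIZED: mountable inside a VE, subject to the VE's device permissions; the ext3 alias is intentionally not flagged */`. ext4_fs_type starts above the hunk.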
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index b9beb39a4a18..5705943ccacb 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -1671,7 +1671,7 @@ static void fuse_kill_sb_anon(struct super_block *sb)
static struct file_system_type fuse_fs_type = {
.owner = THIS_MODULE,
.name = "fuse",
- .fs_flags = FS_HAS_SUBTYPE | FS_USERNS_MOUNT,
+ .fs_flags = FS_HAS_SUBTYPE | FS_USERNS_MOUNT | FS_VIRTUALIZED,
.init_fs_context = fuse_init_fs_context,
.parameters = fuse_fs_parameters,
.kill_sb = fuse_kill_sb_anon,
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index b01d4147520d..74571ad7ef4f 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -2166,6 +2166,7 @@ static struct file_system_type ovl_fs_type = {
.fs_flags = FS_USERNS_MOUNT,
.mount = ovl_mount,
.kill_sb = kill_anon_super,
+ .fs_flags = FS_VIRTUALIZED,
};
MODULE_ALIAS_FS("overlay");
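Review bot: The added `.fs_flags = FS_VIRTUALIZED,` is a second designated initializer for the same member of ovl_fs_type; in C the later one replaces the earlier one, so the existing `FS_USERNS_MOUNT` on the first context line is silently dropped (GCC reports this under -Woverride-init). Every other hunk in this commit ORs the new bit into the existing value, so this one should edit the existing line instead, `.fs_flags = FS_USERNS_MOUNT | FS_VIRTUALIZED,`, and add no second line. As written, the user-namespace mount permission for overlayfs changes as a side effect that the commit message does not mention.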
diff --git a/fs/proc/root.c b/fs/proc/root.c
index c7e3b1350ef8..02a4a3d631b0 100644
--- a/fs/proc/root.c
+++ b/fs/proc/root.c
@@ -282,7 +282,7 @@ static struct file_system_type proc_fs_type = {
.init_fs_context = proc_init_fs_context,
.parameters = proc_fs_parameters,
.kill_sb = proc_kill_sb,
- .fs_flags = FS_USERNS_MOUNT | FS_DISALLOW_NOTIFY_PERM,
+ .fs_flags = FS_USERNS_MOUNT | FS_DISALLOW_NOTIFY_PERM | FS_VIRTUALIZED,
};
void __init proc_root_init(void)
diff --git a/fs/sysfs/mount.c b/fs/sysfs/mount.c
index 7714e1c67fd1..cfd0b25ce8e0 100644
--- a/fs/sysfs/mount.c
+++ b/fs/sysfs/mount.c
@@ -93,7 +93,7 @@ static struct file_system_type sysfs_fs_type = {
.name = "sysfs",
.init_fs_context = sysfs_init_fs_context,
.kill_sb = sysfs_kill_sb,
- .fs_flags = FS_USERNS_MOUNT,
+ .fs_flags = FS_USERNS_MOUNT | FS_VIRTUALIZED,
};
int __init sysfs_init(void)
diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c
index 9820fa8c7c30..304875c0d3cc 100644
--- a/fs/xfs/xfs_super.c
+++ b/fs/xfs/xfs_super.c
@@ -1888,7 +1888,7 @@ static struct file_system_type xfs_fs_type = {
.init_fs_context = xfs_init_fs_context,
.parameters = xfs_fs_parameters,
.kill_sb = kill_block_super,
- .fs_flags = FS_REQUIRES_DEV | FS_ALLOW_IDMAP,
+ .fs_flags = FS_REQUIRES_DEV | FS_ALLOW_IDMAP | FS_VIRTUALIZED,
};
MODULE_ALIAS_FS("xfs");
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 57a6ce644214..8d86a85187ae 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2476,6 +2476,7 @@ struct file_system_type {
#define FS_ALLOW_IDMAP 32 /* FS has been updated to handle vfs idmappings. */
#define FS_THP_SUPPORT 8192 /* Remove once all fs converted */
+#define FS_VIRTUALIZED 64 /* Can mount this fstype inside ve */
#define FS_VE_MOUNT 128 /* Can be mounted in VE init userns */
#define FS_RENAME_DOES_D_MOVE 32768 /* FS will handle d_move() during rename() internally. */
int (*init_fs_context)(struct fs_context *);
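Review bot: `FS_VIRTUALIZED` takes value 64 in the shared fs_flags space, in the middle of the upstream definitions, and its comment does not say that it is a Virtuozzo-only bit or that it acts as a container security gate. A future upstream flag that lands on the same value after a rebase could silently mark unrelated filesystems as mountable inside a container. I would widen the comment to `/* vz-only: fstype may be mounted inside a VE; re-check the value against upstream on rebase */`, and the same applies to FS_VE_MOUNT on the next line. Only part of the flag list is inside the hunk, so the values not shown cannot be checked for collisions from here.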
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index 5becca9be867..3177c2b3c950 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -1672,7 +1672,7 @@ static struct file_system_type mqueue_fs_type = {
.name = "mqueue",
.init_fs_context = mqueue_init_fs_context,
.kill_sb = kill_litter_super,
- .fs_flags = FS_USERNS_MOUNT,
+ .fs_flags = FS_USERNS_MOUNT | FS_VIRTUALIZED,
};
int mq_init_ns(struct ipc_namespace *ns)
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 1d902b65662d..da0e69dae51b 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -2261,7 +2261,7 @@ struct file_system_type cgroup_fs_type = {
.init_fs_context = cgroup_init_fs_context,
.parameters = cgroup1_fs_parameters,
.kill_sb = cgroup_kill_sb,
- .fs_flags = FS_USERNS_MOUNT,
+ .fs_flags = FS_USERNS_MOUNT | FS_VIRTUALIZED,
};
static struct file_system_type cgroup2_fs_type = {
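Review bot: Only cgroup_fs_type gets `FS_VIRTUALIZED` here; cgroup2_fs_type, whose definition opens on the last context line, is not touched, and the diffstat shows a single changed line for kernel/cgroup/cgroup.c. If the flag is what permits a mount inside a VE, as the commit message describes, cgroup v2 would stay unmountable in containers. If that is intended, a one-line comment on cgroup2_fs_type such as `/* no FS_VIRTUALIZED: cgroup2 is not exposed to VEs */` would record it; otherwise the flag should be ORed in there as well. The body of cgroup2_fs_type is outside the hunk, so its current flags cannot be confirmed from here.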
diff --git a/mm/shmem.c b/mm/shmem.c
index dacda7463d54..4bce39662d70 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -3881,7 +3881,7 @@ static struct file_system_type shmem_fs_type = {
.parameters = shmem_fs_parameters,
#endif
.kill_sb = kill_litter_super,
- .fs_flags = FS_USERNS_MOUNT | FS_THP_SUPPORT,
+ .fs_flags = FS_USERNS_MOUNT | FS_THP_SUPPORT | FS_VIRTUALIZED,
};
int __init shmem_init(void)