[Devel] [PATCH vz9 14/14] ve/fs/nfs: NFS containerization

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Mon Sep 27 10:23:15 MSK 2021


Can we also fixup/merge 2e319b6173a1 ("ve/sunrpc: Enable rpc_pipefs 
mounts in Container root user namespace") commit from vz8 to this patch?

On 27.09.2021 09:30, Nikita Yushchenko wrote:
> From: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
> 
> Does:
> 1) virtualize rpc_pipefs file system
> 2) virtualize nfs file system
> 3) allows to mount from CTs initial user ns
> 4) add VE_FEATURE_NFS check during nfsd mount
> 
> Signed-off-by: Stanislav Kinsbursky <skinsbursky at parallels.com>
> 
> +++
> ve/fs/nfs: NFS containerization - allow to mount NFS in CT root userns
> 
> Note: mounting NFS shares in any other nested userns is still
> prohibited.
> 
> https://jira.sw.ru/browse/PSBM-127234
> 
> Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
> Reviewed-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
> 
> khorenko@: rebase to RHEL8.4 notes:
> - the check for VE_FEATURE_NFS feature has been moved from
>    nfs_fs_mount() to nfs_init_fs_context()
> 
> +++
> ve/fs/nfs: NFS containerization - remove excess current_user_ns_initial
> 
> Now when we use FS_VE_MOUNT for nfs instead of FS_USERNS_MOUNT we
> already have a check that nfs can be mounted only from initial userns.
> 
> https://jira.sw.ru/browse/PSBM-131949
> 
> Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
> 
> (cherry-picked from vz8 commit 1e0eb912cff3 ("ve/fs/nfs: NFS
> containerization"))
> 
> Signed-off-by: Nikita Yushchenko <nikita.yushchenko at virtuozzo.com>
> ---
>   fs/nfs/fs_context.c   | 11 +++++++++--
>   net/sunrpc/rpc_pipe.c |  1 +
>   2 files changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/nfs/fs_context.c b/fs/nfs/fs_context.c
> index d95c9a39bc70..3977438b42da 100644
> --- a/fs/nfs/fs_context.c
> +++ b/fs/nfs/fs_context.c
> @@ -17,6 +17,8 @@
>   #include <linux/nfs_fs.h>
>   #include <linux/nfs_mount.h>
>   #include <linux/nfs4_mount.h>
> +#include <uapi/linux/vzcalluser.h>
> +#include <linux/ve.h>
>   #include "nfs.h"
>   #include "internal.h"
>   
> @@ -1486,6 +1488,9 @@ static int nfs_init_fs_context(struct fs_context *fc)
>   {
>   	struct nfs_fs_context *ctx;
>   
> +	if (!(get_exec_env()->features & VE_FEATURE_NFS))
> +		return -ENODEV;
> +
>   	ctx = kzalloc(sizeof(struct nfs_fs_context), GFP_KERNEL);
>   	if (unlikely(!ctx))
>   		return -ENOMEM;
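
Review bot: The new feature test at the top of nfs_init_fs_context() has no comment and does not match item 4 of the description, which speaks of an "nfsd mount" while this is the NFS client context-init callback used by both nfs_fs_type and nfs4_fs_type. Suggest a one-line comment above the `if` saying that a VE without VE_FEATURE_NFS gets -ENODEV for nfs and nfs4 alike, and correcting the wording in the description. Keeping the test ahead of the kzalloc() is right, since the early return then leaves nothing to free.
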
> @@ -1557,7 +1562,8 @@ struct file_system_type nfs_fs_type = {
>   	.init_fs_context	= nfs_init_fs_context,
>   	.parameters		= nfs_fs_parameters,
>   	.kill_sb		= nfs_kill_super,
> -	.fs_flags		= FS_RENAME_DOES_D_MOVE|FS_BINARY_MOUNTDATA,
> +	.fs_flags		= FS_RENAME_DOES_D_MOVE|FS_BINARY_MOUNTDATA|
> +				  FS_VIRTUALIZED|FS_VE_MOUNT,
>   };
>   MODULE_ALIAS_FS("nfs");
>   EXPORT_SYMBOL_GPL(nfs_fs_type);
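
Review bot: The two flags added to .fs_flags in nfs_fs_type carry the whole mount policy, but nothing at the use site says what each one does. The description states that FS_VE_MOUNT is used instead of FS_USERNS_MOUNT and limits mounting to the CT initial userns; a short comment to that effect above the initializer, plus a word on what FS_VIRTUALIZED adds, would keep a later rebase from dropping or swapping them.
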
> @@ -1569,7 +1575,8 @@ struct file_system_type nfs4_fs_type = {
>   	.init_fs_context	= nfs_init_fs_context,
>   	.parameters		= nfs_fs_parameters,
>   	.kill_sb		= nfs_kill_super,
> -	.fs_flags		= FS_RENAME_DOES_D_MOVE|FS_BINARY_MOUNTDATA,
> +	.fs_flags		= FS_RENAME_DOES_D_MOVE|FS_BINARY_MOUNTDATA|
> +				  FS_VIRTUALIZED|FS_VE_MOUNT,
>   };
>   MODULE_ALIAS_FS("nfs4");
>   MODULE_ALIAS("nfs4");
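
Review bot: The .fs_flags value in nfs4_fs_type is a verbatim copy of the one just set in nfs_fs_type, so the two can drift apart on the next rebase. Consider one local macro (the name is up to you, for example NFS_FS_FLAGS) used by both initializers, so the nfs and nfs4 policy changes in a single place.
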
> diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
> index 09c000d490a1..37d08af10d30 100644
> --- a/net/sunrpc/rpc_pipe.c
> +++ b/net/sunrpc/rpc_pipe.c
> @@ -1468,6 +1468,7 @@ static struct file_system_type rpc_pipe_fs_type = {
>   	.name		= "rpc_pipefs",
>   	.init_fs_context = rpc_init_fs_context,
>   	.kill_sb	= rpc_kill_sb,
> +	.fs_flags	= FS_VIRTUALIZED,
>   };
>   MODULE_ALIAS_FS("rpc_pipefs");
>   MODULE_ALIAS("rpc_pipefs");
> 
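
Review bot: rpc_pipe_fs_type gets only FS_VIRTUALIZED in .fs_flags, without the FS_VE_MOUNT that nfs and nfs4 receive in the same patch, and the description does not say whether that is intended. Item 3 of the description promises mounting from the CT initial user ns; if that is meant to cover rpc_pipefs as well, either add the flag here or state in the description that it comes from a separate commit, as the question at the top of this reply about 2e319b6173a1 suggests.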

-- 
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.

