[Devel] [PATCH rh9] ovl: Resurrect ability to mount overlayfs in nested userns
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Mon Aug 15 11:35:51 MSK 2022
Looks good.
On 10.08.2022 19:25, Konstantin Khorenko wrote:
> In vz7 mounting overlayfs in nested userns was prohibited and
> we used FS_VIRTUALIZED | FS_VE_MOUNT fs_flags to allow mounting it
> inside top Container userns.
>
> In vz9 kernel mounting overlayfs in nested userns is enabled already:
> ms commit 459c7c565ac3 ("ovl: unprivieged mounts")
>
> So now we should not prohibit mounting ovl in nested user namespaces
> inside a Container.
>
> Fixes: 568f747791c7 ("fs: Mask appropriate filesystems FS_VIRTUALIZED")
> Fixes: 90df7a5ce836 ("ve/fs/overlay: allow overlayfs to be used inside a
> Container")
>
Reviewed-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
> Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
> ---
> fs/overlayfs/super.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
> index d85596325846..a2526825724c 100644
> --- a/fs/overlayfs/super.c
> +++ b/fs/overlayfs/super.c
> @@ -2197,10 +2197,9 @@ static struct dentry *ovl_mount(struct file_system_type *fs_type, int flags,
> static struct file_system_type ovl_fs_type = {
> .owner = THIS_MODULE,
> .name = "overlay",
> - .fs_flags = FS_USERNS_MOUNT,
> + .fs_flags = FS_USERNS_MOUNT | FS_VIRTUALIZED,
> .mount = ovl_mount,
> .kill_sb = kill_anon_super,
> - .fs_flags = FS_VIRTUALIZED | FS_VE_MOUNT,
> };
> MODULE_ALIAS_FS("overlay");
>
--
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.
More information about the Devel
mailing list