[Devel] [PATCH RHEL7 COMMIT] ve/sysfs: propagate access to all sub-directories hierarchically

Tue, 01 Sep 2015 07:10:43 -0700 

The commit is pushed to "branch-rh7-3.10.0-229.7.2-ovz" and will appear at 
https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.6.5
------>
commit 1a33dd2936a14ae4fbede97c34ac5fbfc3dc8f30
Author: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>
Date:   Tue Sep 1 17:58:42 2015 +0400

    ve/sysfs: propagate access to all sub-directories hierarchically
    
    Docker test TestGetContainerStats asks docker to get network
    stats of container. Docker tries to get network devices stats
    like count of bytes or packets sent/received from:
    /sys/class/net/[device_name]/statistics/*
    
    We showed only statistics directory but not it's content as
    namespace tag check went up only for one level. So make this
    check fully hierarchical for docker.
    
    https://jira.sw.ru/browse/PSBM-34523
    
    Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>
    Reviewed-by: Vladimir Davydov <vdavy...@parallels.com>
---
 fs/sysfs/dir.c   | 10 +++++++---
 fs/sysfs/inode.c |  8 ++++++--
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
index da73287..b4a7fda 100644
--- a/fs/sysfs/dir.c
+++ b/fs/sysfs/dir.c
@@ -77,14 +77,18 @@ static int sysfs_sd_compare(const struct sysfs_dirent *left,
 static bool sysfs_sd_visible(struct sysfs_dirent *sd, struct super_block *sb)
 {
        struct ve_struct *ve = sysfs_info(sb)->ve;
+       struct sysfs_dirent *tmp_sd = sd;
 
        /* Host sees anything */
        if (ve_is_super(ve))
                return true;
 
-       /* Entries with namespace tag always visible */
-       if (sd->s_ns || (sd->s_parent && sd->s_parent->s_ns))
-               return true;
+       /* Entries with namespace tag and their sub-entries always visible */
+       while (tmp_sd) {
+               if (tmp_sd->s_ns)
+                       return true;
+               tmp_sd = tmp_sd->s_parent;
+       }
 
        /* Symlinks are visible if target sd is visible */
        if (sysfs_type(sd) == SYSFS_KOBJ_LINK)
diff --git a/fs/sysfs/inode.c b/fs/sysfs/inode.c
index 45f5212..7e54859 100644
--- a/fs/sysfs/inode.c
+++ b/fs/sysfs/inode.c
@@ -345,13 +345,17 @@ int sysfs_hash_and_remove(struct sysfs_dirent *dir_sd, 
const void *ns, const cha
 static int sysfs_sd_permission(struct sysfs_dirent *sd, int mask)
 {
        struct ve_struct *ve = get_exec_env();
+       struct sysfs_dirent *tmp_sd = sd;
        int perm;
 
        if (ve_is_super(ve))
                return 0;
 
-       if (sd->s_ns || (sd->s_parent && sd->s_parent->s_ns))
-               return 0;
+       while (tmp_sd) {
+               if (tmp_sd->s_ns)
+                       return 0;
+               tmp_sd = tmp_sd->s_parent;
+       }
 
        if (sysfs_type(sd) == SYSFS_KOBJ_LINK)
                sd = sd->s_symlink.target_sd;
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

Reply via email to