2015-10-02 20:26 GMT+03:00 Kirill Tkhai <[email protected]>: > https://jira.sw.ru/browse/PSBM-40100
We can allow mounting these file systems only if we are in the ve's userns. A non-root user in a container can create a new userns, but he should not be able to mount ext4, should he?
> > Signed-off-by: Kirill Tkhai <[email protected]> > --- > fs/binfmt_misc.c | 2 +- > fs/ext4/super.c | 3 ++- > 2 files changed, 3 insertions(+), 2 deletions(-) > > diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c > index 90c306e..2be9b62 100644 > --- a/fs/binfmt_misc.c > +++ b/fs/binfmt_misc.c > @@ -748,7 +748,7 @@ static struct file_system_type bm_fs_type = { > .name = "binfmt_misc", > .mount = bm_mount, > .kill_sb = kill_litter_super, > - .fs_flags = FS_VIRTUALIZED, > + .fs_flags = FS_VIRTUALIZED | FS_USERNS_MOUNT, > }; > MODULE_ALIAS_FS("binfmt_misc"); > > diff --git a/fs/ext4/super.c b/fs/ext4/super.c > index 5209777..2193000 100644 > --- a/fs/ext4/super.c > +++ b/fs/ext4/super.c > @@ -5727,7 +5727,8 @@ static struct file_system_type ext4_fs_type = { > .mount = ext4_mount, > .kill_sb = ext4_kill_sb, > .fs_flags = FS_REQUIRES_DEV | FS_HAS_INVALIDATE_RANGE | > - FS_VIRTUALIZED | FS_HAS_MMAP_PREP, > + FS_VIRTUALIZED | FS_HAS_MMAP_PREP | FS_USERNS_MOUNT > | > + FS_USERNS_DEV_MOUNT, > }; > MODULE_ALIAS_FS("ext4"); > > > _______________________________________________ > Devel mailing list > [email protected] > https://lists.openvz.org/mailman/listinfo/devel
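Review bot: In the bm_fs_type hunk, `.fs_flags = FS_VIRTUALIZED | FS_USERNS_MOUNT` carries no visible restriction to the container's own user namespace. FS_USERNS_MOUNT permits the mount for a caller that is privileged only inside its user namespace, and a nested userns created by an unprivileged container user would satisfy that as well. If a check against the ve's userns exists elsewhere, the commit message (currently only a Jira link) should name it. Otherwise the check belongs in this patch before the flag is set.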
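Review bot: In the ext4_fs_type hunk, adding `FS_USERNS_MOUNT | FS_USERNS_DEV_MOUNT` to a type that already has FS_REQUIRES_DEV means the ext4 superblock parser can be reached with a block device chosen by a namespace-local root, and nothing in the hunk limits that to the ve's userns rather than any nested one. Suggest gating these flags on an explicit comparison with the ve's user namespace in the mount path, and documenting in the commit message what FS_USERNS_DEV_MOUNT is expected to allow and for whom.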
