On 02.10.2015 20:48, Andrey Wagin wrote:
> 2015-10-02 20:26 GMT+03:00 Kirill Tkhai <[email protected]>:
>> https://jira.sw.ru/browse/PSBM-40100
>
> We can allow mounting these file systems only if we are in the ve's userns.
> A non-root user in a container can create a new userns, but he should
> not be able to mount ext4, should he?
Yeah, sure, thanks! >> >> Signed-off-by: Kirill Tkhai <[email protected]> >> --- >> fs/binfmt_misc.c | 2 +- >> fs/ext4/super.c | 3 ++- >> 2 files changed, 3 insertions(+), 2 deletions(-) >> >> diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c >> index 90c306e..2be9b62 100644 >> --- a/fs/binfmt_misc.c >> +++ b/fs/binfmt_misc.c >> @@ -748,7 +748,7 @@ static struct file_system_type bm_fs_type = { >> .name = "binfmt_misc", >> .mount = bm_mount, >> .kill_sb = kill_litter_super, >> - .fs_flags = FS_VIRTUALIZED, >> + .fs_flags = FS_VIRTUALIZED | FS_USERNS_MOUNT, >> }; >> MODULE_ALIAS_FS("binfmt_misc"); >> >> diff --git a/fs/ext4/super.c b/fs/ext4/super.c >> index 5209777..2193000 100644 >> --- a/fs/ext4/super.c >> +++ b/fs/ext4/super.c >> @@ -5727,7 +5727,8 @@ static struct file_system_type ext4_fs_type = { >> .mount = ext4_mount, >> .kill_sb = ext4_kill_sb, >> .fs_flags = FS_REQUIRES_DEV | FS_HAS_INVALIDATE_RANGE | >> - FS_VIRTUALIZED | FS_HAS_MMAP_PREP, >> + FS_VIRTUALIZED | FS_HAS_MMAP_PREP | >> FS_USERNS_MOUNT | >> + FS_USERNS_DEV_MOUNT, >> }; >> MODULE_ALIAS_FS("ext4"); >> >> >> _______________________________________________ >> Devel mailing list >> [email protected] >> https://lists.openvz.org/mailman/listinfo/devel
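Review bot: In bm_fs_type, FS_USERNS_MOUNT in .fs_flags lets the root of any user namespace mount binfmt_misc, and nothing in this hunk restricts that to the ve's own userns, so a non-root user in the container who creates a nested userns would pass the same check (the concern raised in the quoted reply). Suggest adding an explicit check in the mount path that the caller is in the ve's userns instead of relying on the flag alone. The changelog carries only the Jira link; it should say why binfmt_misc has to be mountable from inside the container and what limits the scope.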
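Review bot: In ext4_fs_type, the added FS_USERNS_MOUNT | FS_USERNS_DEV_MOUNT pair needs a tighter gate than "any userns root". ext4 is FS_REQUIRES_DEV, so a mount makes the kernel parse an on-disk image from a block device, and FS_USERNS_DEV_MOUNT upstream means a mount made from a userns is not forced to nodev, so device nodes on that filesystem stay usable. Both should take effect only when the caller is in the ve's userns, not in a nested userns created by an unprivileged container user; please add that check and describe the intended privilege boundary in the commit message.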
