Currently, mounting a fuse fs inside a CT fails because we don't pass the (file->f_cred->user_ns != &init_user_ns) check. Test the file's namespace against the VE's init_cred->user_ns instead. This allows fuse to be used inside containers.
https://jira.sw.ru/browse/PSBM-41075
Signed-off-by: Andrey Ryabinin <[email protected]>
---
 fs/fuse/inode.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 4a1b46f..d7e2d4b 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -20,6 +20,7 @@
 #include <linux/random.h>
 #include <linux/sched.h>
 #include <linux/exportfs.h>
+#include <linux/ve.h>
 MODULE_AUTHOR("Miklos Szeredi <[email protected]>");
 MODULE_DESCRIPTION("Filesystem in Userspace");
@@ -1115,6 +1116,7 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent)
 struct fuse_req *init_req;
 int err;
 int is_bdev = sb->s_bdev != NULL;
+ struct user_namespace *root_user_ns;
 err = -EINVAL;
 if (sb->s_flags & MS_MANDLOCK)
@@ -1146,8 +1148,13 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent)
 if (!file)
 goto err;
+ if (get_exec_env()->init_cred)
+ root_user_ns = get_exec_env()->init_cred->user_ns;
+ else
+ root_user_ns = &init_user_ns;
+
 if ((file->f_op != &fuse_dev_operations) ||
- (file->f_cred->user_ns != &init_user_ns))
+ (file->f_cred->user_ns != root_user_ns))
 goto err_fput;
 fc = kmalloc(sizeof(*fc), GFP_KERNEL);
--
2.4.10
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
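Review bot: In the third hunk, `get_exec_env()->init_cred` is loaded twice, once for the NULL test and once for the dereference, so if the VE can clear that pointer while one of its tasks is inside mount(2) (its lifetime is not visible here), the second load may see NULL or a released cred. Read it once, e.g. `const struct cred *ve_cred = get_exec_env()->init_cred;` followed by `root_user_ns = ve_cred ? ve_cred->user_ns : &init_user_ns;`, under whatever lock or reference the VE code requires for this field. The relaxed comparison also means the FUSE server behind the descriptor may now be a container-root process rather than host root, so it deserves a comment such as `/* CT root may own the fuse device fd; nested user namespaces are still rejected */`, plus confirmation that the id handling and mount-option checks elsewhere in fs/fuse do not assume init_user_ns. fuse_fill_super begins and ends outside the hunk.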
