10.11.2015 15:30, Andrey Ryabinin wrote:
Currently mounting fuse fs inside CT fails because
we don't pass (file->f_cred->user_ns != &init_user_ns) check.
Test file's namespace against VE's init_cred->user_ns instead.
This allows using fuse inside containers.
https://jira.sw.ru/browse/PSBM-41075
Signed-off-by: Andrey Ryabinin <[email protected]>
---
fs/fuse/inode.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 4a1b46f..d7e2d4b 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -20,6 +20,7 @@
#include <linux/random.h>
#include <linux/sched.h>
#include <linux/exportfs.h>
+#include <linux/ve.h>
MODULE_AUTHOR("Miklos Szeredi <[email protected]>");
MODULE_DESCRIPTION("Filesystem in Userspace");
@@ -1115,6 +1116,7 @@ static int fuse_fill_super(struct super_block *sb, void
*data, int silent)
struct fuse_req *init_req;
int err;
int is_bdev = sb->s_bdev != NULL;
+ struct user_namespace *root_user_ns;
err = -EINVAL;
if (sb->s_flags & MS_MANDLOCK)
@@ -1146,8 +1148,13 @@ static int fuse_fill_super(struct super_block *sb, void
*data, int silent)
if (!file)
goto err;
+ if (get_exec_env()->init_cred)
+ root_user_ns = get_exec_env()->init_cred->user_ns;
+ else
+ root_user_ns = &init_user_ns;
+
We have some helper for this, if I'm not mistaken.
Probably this one:
current_user_ns_initial()
if ((file->f_op != &fuse_dev_operations) ||
- (file->f_cred->user_ns != &init_user_ns))
+ (file->f_cred->user_ns != root_user_ns))
goto err_fput;
fc = kmalloc(sizeof(*fc), GFP_KERNEL);
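Review bot: the added block after the `if (!file)` check calls get_exec_env() twice, once to test init_cred for NULL and once to dereference it for ->user_ns. Read the VE pointer (or init_cred) once into a local so the NULL test and the dereference are guaranteed to use the same value, or switch to the helper suggested in the reply if it provides the same fallback to &init_user_ns. Since the comparison is the only gate on who may hand a fuse device fd to mount, a short comment above it would help: state that the opener's f_cred->user_ns must equal the VE's initial user namespace, and that any other user namespace, including one nested inside the container, still takes the err_fput path.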
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel