Re: [Devel] [PATCH 2/3] fuse: Prohibit kio engine from containers

Pavel Butsykin Tue, 30 Oct 2018 05:29:23 -0700

On 30.10.2018 11:55, Kirill Tkhai wrote:
> Currently we have several BUG_ON() ported from userspace,
> and they may fire in case of it's used malicious daemon
> instead of original vstorage-mount. So, just prohibit
> mounting with kio from inside container.
> 
> https://pmc.acronis.com/browse/VSTOR-16325
> 
> Signed-off-by: Kirill Tkhai <ktk...@virtuozzo.com>


Reviewed-by: Pavel Butsykin <pbutsy...@virtuozzo.com>

> ---
>   fs/fuse/inode.c |    2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
> index 0695b79c4c50..34e52262d37e 100644
> --- a/fs/fuse/inode.c
> +++ b/fs/fuse/inode.c
> @@ -709,6 +709,8 @@ static int parse_fuse_opt(char *opt, struct 
> fuse_mount_data *d, int is_bdev)
>                       break;
>               case OPT_KIO_NAME: {
>                       char *name;
> +                     if (!ve_is_super(get_exec_env()))
> +                             return 0;
>                       name = match_strdup(&args[0]);
>                       if (!name)
>                               return 0;
> 

_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

Re: [Devel] [PATCH 2/3] fuse: Prohibit kio engine from containers

Reply via email to