From: Stanislav Kinsburskiy <skinsbur...@virtuozzo.com>

Does:
1) virtualize rpc_pipefs file system
2) virtualize nfs file system
3) allow mounting from CT's initial user ns
4) add VE_FEATURE_NFS check during nfsd mount
Signed-off-by: Stanislav Kinsbursky <skinsbur...@parallels.com> +++ ve/fs/nfs: NFS containerization - allow to mount NFS in CT root userns Note: mounting NFS shares in any other nested userns is still prohibited. https://jira.sw.ru/browse/PSBM-127234 Signed-off-by: Konstantin Khorenko <khore...@virtuozzo.com> Reviewed-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com> khorenko@: rebase to RHEL8.4 notes: - the check for VE_FEATURE_NFS feature has been moved from nfs_fs_mount() to nfs_init_fs_context() +++ ve/fs/nfs: NFS containerization - remove excess current_user_ns_initial Now when we use FS_VE_MOUNT for nfs instead of FS_USERNS_MOUNT we already have a check that nfs can be mounted only from initial userns. https://jira.sw.ru/browse/PSBM-131949 Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com> (cherry-picked from vz8 commit 1e0eb912cff3 ("ve/fs/nfs: NFS containerization")) Signed-off-by: Nikita Yushchenko <nikita.yushche...@virtuozzo.com> --- fs/nfs/fs_context.c | 11 +++++++++-- net/sunrpc/rpc_pipe.c | 1 + 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/fs/nfs/fs_context.c b/fs/nfs/fs_context.c index d95c9a39bc70..3977438b42da 100644 --- a/fs/nfs/fs_context.c +++ b/fs/nfs/fs_context.c @@ -17,6 +17,8 @@ #include <linux/nfs_fs.h> #include <linux/nfs_mount.h> #include <linux/nfs4_mount.h> +#include <uapi/linux/vzcalluser.h> +#include <linux/ve.h> #include "nfs.h" #include "internal.h" @@ -1486,6 +1488,9 @@ static int nfs_init_fs_context(struct fs_context *fc) { struct nfs_fs_context *ctx; + if (!(get_exec_env()->features & VE_FEATURE_NFS)) + return -ENODEV; + ctx = kzalloc(sizeof(struct nfs_fs_context), GFP_KERNEL); if (unlikely(!ctx)) return -ENOMEM; 
@@ -1557,7 +1562,8 @@ struct file_system_type nfs_fs_type = { .init_fs_context = nfs_init_fs_context, .parameters = nfs_fs_parameters, .kill_sb = nfs_kill_super, - .fs_flags = FS_RENAME_DOES_D_MOVE|FS_BINARY_MOUNTDATA, + .fs_flags = FS_RENAME_DOES_D_MOVE|FS_BINARY_MOUNTDATA| + FS_VIRTUALIZED|FS_VE_MOUNT, }; MODULE_ALIAS_FS("nfs"); EXPORT_SYMBOL_GPL(nfs_fs_type); @@ -1569,7 +1575,8 @@ struct file_system_type nfs4_fs_type = { .init_fs_context = nfs_init_fs_context, .parameters = nfs_fs_parameters, .kill_sb = nfs_kill_super, - .fs_flags = FS_RENAME_DOES_D_MOVE|FS_BINARY_MOUNTDATA, + .fs_flags = FS_RENAME_DOES_D_MOVE|FS_BINARY_MOUNTDATA| + FS_VIRTUALIZED|FS_VE_MOUNT, }; MODULE_ALIAS_FS("nfs4"); MODULE_ALIAS("nfs4"); diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c index 09c000d490a1..37d08af10d30 100644 --- a/net/sunrpc/rpc_pipe.c +++ b/net/sunrpc/rpc_pipe.c @@ -1468,6 +1468,7 @@ static struct file_system_type rpc_pipe_fs_type = { .name = "rpc_pipefs", .init_fs_context = rpc_init_fs_context, .kill_sb = rpc_kill_sb, + .fs_flags = FS_VIRTUALIZED, }; MODULE_ALIAS_FS("rpc_pipefs"); MODULE_ALIAS("rpc_pipefs"); -- 2.30.2 _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel
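Review bot: The VE_FEATURE_NFS test at the top of nfs_init_fs_context() is unconditional and keyed to get_exec_env(), so it applies to every task that reaches this function, the host's own exec env included; please confirm the host environment always carries VE_FEATURE_NFS, otherwise NFS mounts there will start failing with -ENODEV. A one-line comment above the check saying that it gates NFS per container would help, as would a note on the choice of -ENODEV, which userspace cannot tell apart from an unregistered filesystem type. Item 4 of the commit message says the check is added "during nfsd mount", while this hunk is in the NFS client's fs/nfs/fs_context.c; the description should match the code.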
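Review bot: In the nfs_fs_type hunk, the added FS_VIRTUALIZED|FS_VE_MOUNT flags carry the whole access decision described in the commit message (mountable from the CT's initial userns, still prohibited in any nested userns), yet nothing at the definition says so. Add a short comment on .fs_flags naming that restriction. Since the nfs4_fs_type hunk repeats the identical flag expression, consider a shared macro so the two types cannot drift apart in a later rebase.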
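Review bot: In the rpc_pipe_fs_type hunk, .fs_flags is set to FS_VIRTUALIZED only, whereas both NFS types in fs/nfs/fs_context.c get FS_VIRTUALIZED|FS_VE_MOUNT, and the commit message does not say why rpc_pipefs is left without FS_VE_MOUNT. Please state in the message or in a comment whether that is intentional and who is expected to mount rpc_pipefs inside a container, so the difference is not mistaken for an omission.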