On 6/3/26 17:03, Vasileios Almpanis wrote:
In legacy mount callpaths, userspace might pass mount options as flags. These flags escape our checks in ve_devmnt_process allowing devices to be mounted inside containers with options not specified in the allowed field.

Introduce helpers that take these flags and already existing tables of flag -> string representation to construct a comma separated value string from them, and append them to userspace provided data. Then pass this string to parse_monolithic_mount_data enforcing the same checks symmetrically in both mount and fsconfig syscalls.

In the remount path, run legacy_merge_mount_data() before ve_devmnt_process() so container device mount policy sees MS_* flags from the legacy mount(2) API, not only the user-supplied option string.

Keep ve_prepare_mount_options() for legacy parsers that do not use generic_parse_monolithic().

https://virtuozzo.atlassian.net/browse/VSTOR-132330

Signed-off-by: Vasileios Almpanis <[email protected]>
Reviewed-by: Vladimir Riabchun <[email protected]>
Feature: ve: ve generic structures ...
--
Best regards,
Riabchun Vladimir
Linux Kernel Developer, Virtuozzo
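The gap the commit message describes, as an added userspace sketch that is not code from the patch or the kernel: options given as flag bits are rendered to their string names and appended to the user's option string, so a single allow-list check sees both. The names `demo_flags`, `merge_flags`, `key_in_list` and `check_mount`, the four-entry table and the key-only matching are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed table; bit values mirror the Linux MS_* flags named in comments. */
static const struct { unsigned long flag; const char *name; } demo_flags[] = {
    { 1UL << 0,  "ro" },        /* MS_RDONLY */
    { 1UL << 4,  "sync" },      /* MS_SYNCHRONOUS */
    { 1UL << 7,  "dirsync" },   /* MS_DIRSYNC */
    { 1UL << 25, "lazytime" },  /* MS_LAZYTIME */
};

/* Hypothetical helper: copy the user's option string, then append one name per set flag. */
static int merge_flags(unsigned long flags, const char *data, char *out, size_t len)
{
    int n = snprintf(out, len, "%s", data ? data : "");
    if (n < 0 || (size_t)n >= len) return -1;
    size_t used = (size_t)n;
    for (size_t i = 0; i < sizeof(demo_flags) / sizeof(demo_flags[0]); i++) {
        if (!(flags & demo_flags[i].flag)) continue;
        n = snprintf(out + used, len - used, "%s%s", used ? "," : "", demo_flags[i].name);
        if (n < 0 || (size_t)n >= len - used) return -1;
        used += (size_t)n;
    }
    return 0;
}

/* Is the key (option text before any '=') present in the comma-separated list? */
static int key_in_list(const char *key, size_t klen, const char *list)
{
    for (const char *p = list; *p; p += (*p == ',')) {
        size_t alen = strcspn(p, ",");
        if (alen == klen && strncmp(p, key, klen) == 0) return 1;
        p += alen;
    }
    return 0;
}

/* 1 = every merged option is allowed, 0 = denied, -1 = merged string too long. */
int check_mount(unsigned long flags, const char *data, const char *allowed)
{
    char merged[256];
    if (merge_flags(flags, data, merged, sizeof(merged)) < 0) return -1;
    for (const char *p = merged; *p; p += (*p == ',')) {
        size_t olen = strcspn(p, ",");
        if (olen && !key_in_list(p, strcspn(p, ",="), allowed)) return 0;
        p += olen;
    }
    return 1;
}
```

Checking only `data` against the allow-list would accept the request with `sync` set as a flag bit; checking the merged string denies it.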
