If the caller is running within a container then execute the usermode helper callback within the init namespace of the container.
Signed-off-by: Ian Kent <[email protected]> Cc: Benjamin Coddington <[email protected]> Cc: Al Viro <[email protected]> Cc: J. Bruce Fields <[email protected]> Cc: David Howells <[email protected]> Cc: Trond Myklebust <[email protected]> Cc: Oleg Nesterov <[email protected]> Cc: Eric W. Biederman <[email protected]> Cc: Jeff Layton <[email protected]> --- fs/nfs/cache_lib.c | 6 +++++- fs/nfsd/nfs4recover.c | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/nfs/cache_lib.c b/fs/nfs/cache_lib.c index 5f7b053..1f7f6c1 100644 --- a/fs/nfs/cache_lib.c +++ b/fs/nfs/cache_lib.c @@ -44,11 +44,15 @@ int nfs_cache_upcall(struct cache_detail *cd, char *entry_name) entry_name, NULL }; + int umh_flags = UMH_WAIT_EXEC; int ret = -EACCES; + if (cd->net != &init_net) + umh_flags |= UMH_USE_NS; + if (nfs_cache_getent_prog[0] == '\0') goto out; - ret = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC); + ret = call_usermodehelper(argv[0], argv, envp, umh_flags); /* * Disable the upcall mechanism if we're getting an ENOENT or * EACCES error. The admin can re-enable it on the fly by using diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c index b962856..0896ca7 100644 --- a/fs/nfsd/nfs4recover.c +++ b/fs/nfsd/nfs4recover.c @@ -1380,7 +1380,7 @@ nfsd4_umh_cltrack_check(struct nfs4_client *clp) } else { ret = nfsd4_umh_cltrack_upcall("check", hexid, has_session, legacy, - mm->umh_flags); + nn->umh_flags); if (ret == 0) set_bit(NFSD4_CLIENT_STABLE, &clp->cl_flags); } -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
