[rh7] ve/fuse: allow to mount fuse in non-init user_ns

Submitted by Konstantin Khorenko on June 20, 2018, 10:09 a.m.

Details

Message ID 20180620100918.6149-1-khorenko@virtuozzo.com
State New
Series "ve/fuse: allow to mount fuse in non-init user_ns"

Commit Message

Konstantin Khorenko June 20, 2018, 10:09 a.m.
RHEL7.5 enforced sget() (sget_userns() in fact) to check the
FS_USERNS_MOUNT flag on fs_flags, fuse lacks the flag and
thus we are unable to mount fuse inside a Container.

Fix this - allow fuse to be mounted in non-init user namespaces.

Fixes: 371904f01f05 ("fuse: virtualize file system")
https://jira.sw.ru/browse/PSBM-85886

Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
---
 fs/fuse/inode.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 8a9fa0d7997d..07b526818939 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -1445,7 +1445,7 @@  static void fuse_kill_sb_anon(struct super_block *sb)
 static struct file_system_type fuse_fs_type = {
 	.owner		= THIS_MODULE,
 	.name		= "fuse",
-	.fs_flags	= FS_HAS_SUBTYPE | FS_VIRTUALIZED,
+	.fs_flags	= FS_HAS_SUBTYPE | FS_VIRTUALIZED | FS_USERNS_MOUNT,
 	.mount		= fuse_mount,
 	.kill_sb	= fuse_kill_sb_anon,
 };
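Review bot: The changed .fs_flags line of fuse_fs_type sets FS_USERNS_MOUNT unconditionally, but the commit message only explains why the mount started failing, not why it is acceptable for a non-init user namespace to mount fuse. Please state in the commit message what still restricts the mount, for instance whether the FS_VIRTUALIZED flag on the same line already limits it to Containers. A one-line comment above .fs_flags recording that sget_userns() checks this flag since RHEL7.5 would also keep the flag from being dropped silently on a later rebase.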

Comments

Andrey Ryabinin June 25, 2018, 4:20 p.m.
On 06/20/2018 01:09 PM, Konstantin Khorenko wrote:
> RHEL7.5 enforced sget() (sget_userns() in fact) to check the
> FS_USERNS_MOUNT flag on fs_flags, fuse lacks the flag and
> thus we are unable to mount fuse inside a Container.
> 
> Fix this - allow fuse to be mounted in non-init user namespaces.
> 
> Fixes: 371904f01f05 ("fuse: virtualize file system")
> https://jira.sw.ru/browse/PSBM-85886
> 
> Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>

Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com>

> ---
>  fs/fuse/inode.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
> index 8a9fa0d7997d..07b526818939 100644
> --- a/fs/fuse/inode.c
> +++ b/fs/fuse/inode.c
> @@ -1445,7 +1445,7 @@ static void fuse_kill_sb_anon(struct super_block *sb)
>  static struct file_system_type fuse_fs_type = {
>  	.owner		= THIS_MODULE,
>  	.name		= "fuse",
> -	.fs_flags	= FS_HAS_SUBTYPE | FS_VIRTUALIZED,
> +	.fs_flags	= FS_HAS_SUBTYPE | FS_VIRTUALIZED | FS_USERNS_MOUNT,
>  	.mount		= fuse_mount,
>  	.kill_sb	= fuse_kill_sb_anon,
>  };
>
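Review bot: The diffstat is a single insertion, so only fuse_fs_type gains FS_USERNS_MOUNT; if fs/fuse/inode.c defines any other file_system_type, it keeps its old fs_flags and, per the commit message, would still fail the sget_userns() check inside a Container. The commit message should say whether leaving those unchanged is intentional. It would also help to mention how the change was tested (a fuse mount from inside a Container on the RHEL7.5-based kernel), so the Fixes: line can be verified against the described symptom.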