[RHEL8,COMMIT] ve/fs/overlay: allow overlayfs to be used inside a Container

Submitted by Konstantin Khorenko on March 19, 2021, 10:53 a.m.

Details

Message ID 202103191053.12JArZEO904720@finist-co8.sw.ru
State New
Series "Series without cover letter"

Commit Message

Konstantin Khorenko March 19, 2021, 10:53 a.m.
The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.8
------>
commit 28a2e13d2c1ea43c2e4cdc1d60dfa3853cafb12d
Author: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Date:   Mon May 23 13:29:54 2016 +0400

    ve/fs/overlay: allow overlayfs to be used inside a Container
    
    This is a temporary decision to make Docker in CT work with overlayfs
    storage driver, it can be unsafe to give access to fs-overlay module
    from container.
    
    Note: "overlay" kernel module must be pre-loaded on the Host,
          it is _not_ autoloaded from inside a Container.
    
    https://jira.sw.ru/browse/PSBM-47280
    
    Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
    
    khorenko@: overlayfs stability in current RHEL7 kernel has not been checked
    yet, so it can be used for testing purposes only for now.
    
    +++
    ve/fs/overlay: allow overlayfs to be mounted in non-root userns
    
    We need overlayfs to be mounted inside Container and RHEL7.5 requires a
    special flag to be set on fs which are allowed to be mounted inside
    non-root user namespaces.
    
    mFixes: e381a0e538de ve/fs/overlay: allow overlayfs to be used inside a Container
    https://jira.sw.ru/browse/PSBM-86153
    
    Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
    
    ----
    fs/ve: add new FS_VE_MOUNT flag to allow mount in container init userns
    
    Use this for overlayfs and remove FS_USERNS_MOUNT for it as we want
    overlayfs mounts in container to mimic overlayfs mounts on host, and
    thus they can only be mounted in init userns of container.
    
    https://jira.sw.ru/browse/PSBM-121284
    mFixes: 71dd847047f6 ("ve/fs/overlay: allow overlayfs to be used inside a
    Container")
    
    Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
    Reviewed-by: Konstantin Khorenko <khorenko@virtuozzo.com>
    
    (cherry picked from vz7 commit 269fa121de61afbe28875f4657895e6234ff4a83)
    Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
---
 fs/overlayfs/super.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index fb419617564c..b00e73e886bc 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -1967,7 +1967,7 @@  static struct file_system_type ovl_fs_type = {
 	.name		= "overlay",
 	.mount		= ovl_mount,
 	.kill_sb	= kill_anon_super,
-	.fs_flags	= FS_VIRTUALIZED,
+	.fs_flags	= FS_VIRTUALIZED | FS_VE_MOUNT,
 };
 MODULE_ALIAS_FS("overlay");
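
Review bot: FS_VE_MOUNT in the `.fs_flags` initializer of ovl_fs_type is not defined anywhere in this patch (the diffstat touches only fs/overlayfs/super.c), so the change builds only if the commit that introduces the flag and its mount-time check is already on the branch; the message should name that prerequisite commit. The message also says FS_USERNS_MOUNT is removed for overlayfs, but the pre-image line here is `.fs_flags = FS_VIRTUALIZED,` with no FS_USERNS_MOUNT, so that sentence describes the vz7 history rather than this port and should be marked as such or trimmed. Since the message itself states that exposing overlayfs to a container can be unsafe and that the "overlay" module must be pre-loaded on the host, a short comment beside the initializer saying that FS_VE_MOUNT limits mounting to the container's init user namespace would keep that constraint visible to whoever next edits these flags.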