[Devel] [PATCH RHEL COMMIT] ve/fs/overlay: allow overlayfs to be used inside a Container

Mon, 04 Oct 2021 14:40:08 -0700 

The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at 
https://src.openvz.org/scm/ovz/vzkernel.git
after ark-5.14
------>
commit b766e2b26fdb28528c8b64108740ee524806fd74
Author: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>
Date:   Mon Oct 4 20:39:06 2021 +0300

    ve/fs/overlay: allow overlayfs to be used inside a Container
    
    This is temporary decision to make Docker in CT work with overlayfs
    storage driver, it can be unsafe to give access to fs-overlay module
    from container.
    
    Note: "overlay" kernel module must be pre-loaded on the Host,
          it is _not_ autoloaded from inside a Container.
    
    https://jira.sw.ru/browse/PSBM-47280
    
    Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>
    
    khorenko@: overlayfs stibility in current RHEL7 kernel has not been checked
    yet, so it can be used for testing purposes only for now.
    
    +++
    ve/fs/overlay: allow overlayfs to be mounted in non-root userns
    
    We need overlayfs to be mounted inside Container and RHEL7.5 requires a
    special flag to be set on fs which are allowed to be mounted inside
    non-root user namespaces.
    
    mFixes: e381a0e538de ve/fs/overlay: allow overlayfs to be used inside a 
Container
    https://jira.sw.ru/browse/PSBM-86153
    
    Signed-off-by: Konstantin Khorenko <khore...@virtuozzo.com>
    
    ----
    fs/ve: add new FS_VE_MOUNT flag to allow mount in container init userns
    
    Use this for overlayfs and remove FS_USERNS_MOUNT for it as we wan't
    overlayfs mounts in container to mimic overlayfs mounts on host, and
    thus they can only be mounted in init userns of container.
    
    https://jira.sw.ru/browse/PSBM-121284
    mFixes: 71dd847047f6 ("ve/fs/overlay: allow overlayfs to be used inside a
    Container")
    
    Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>
    
    Reviewed-by: Konstantin Khorenko <khore...@virtuozzo.com>
    
    (cherry picked from vz7 commit 269fa121de61afbe28875f4657895e6234ff4a83)
    Signed-off-by: Konstantin Khorenko <khore...@virtuozzo.com>
    
    (cherry picked from vz8 commit 761149b724c983f1102e93e11cae4951bd9ef232)
    Signed-off-by: Andrey Zhadchenko <andrey.zhadche...@virtuozzo.com>
---
 fs/overlayfs/super.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index 065b7778e720..2f497065f688 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -2195,7 +2195,7 @@ static struct file_system_type ovl_fs_type = {
        .fs_flags       = FS_USERNS_MOUNT,
        .mount          = ovl_mount,
        .kill_sb        = kill_anon_super,
-       .fs_flags       = FS_VIRTUALIZED,
+       .fs_flags       = FS_VIRTUALIZED | FS_VE_MOUNT,
 };
 MODULE_ALIAS_FS("overlay");
 
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

Reply via email to