[Devel] [PATCH RH9 09/22] ve/fs: namespace -- Ignore device permissions during restore

Thu, 07 Oct 2021 07:59:31 -0700 

From: Cyrill Gorcunov <gorcu...@virtuozzo.com>

To support several storage backends (ploops) inside container
we've hacks in libvzctl which setup "old" permissions when
restore procedure initiated. But the former idea was simply
allow CRIU to do all the works and restore ploops mounts
by its own (since CRIU fetches all mount options and such).

For this sake we turn off mount options filtering provisionally
if @is_pseudosuper is set, and CRIU restore mounts as regular
ones.

https://jira.sw.ru/browse/PSBM-48188

Signed-off-by: Cyrill Gorcunov <gorcu...@virtuozzo.com>

CC: Igor Sukhih <i...@virtuozzo.com>
CC: Vladimir Davydov <vdavy...@virtuozzo.com>
CC: Konstantin Khorenko <khore...@virtuozzo.com>

===========================================
VZ 8 rebase part https://jira.sw.ru/browse/PSBM-127782
vz7 commit: fde61cc ("ve/fs: namespace -- Ignore device permissions during
restore")

Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalit...@virtuozzo.com>

+++
ve/devmnt: fix ignore device permissions for pseudosuper

Imagine we have
 1) ve->is_pseudosuper == true
 2) err returned from ve_devmnt_check == -EPERM
 3) remount == true

In this case ((ve->is_pseudosuper || !err) && !remount) == false, and
thus "err = ve_devmnt_insert" is not called, meaning that err remains
-EPERM, and ve_devmnt_process fails with -EPERM. Would be more logical
to just ignore error from ve_devmnt_check setting err to 0 as if
ve_devmnt_check passed with no error.

Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>

(cherry picked from vz8 commit 36402d1e135cdb29775ab67708bc021886baf19f)
Signed-off-by: Andrey Zhadchenko <andrey.zhadche...@virtuozzo.com>
---
 fs/namespace.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/fs/namespace.c b/fs/namespace.c
index 7af19eb..cead63d 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2730,6 +2730,13 @@ int ve_devmnt_process(struct ve_struct *ve, dev_t dev, 
void **data_pp, int remou
        list_for_each_entry(devmnt, &ve->devmnt_list, link) {
                if (devmnt->dev == dev) {
                        err = ve_devmnt_check(data, devmnt->allowed_options);
+                       /*
+                        * In case of @is_pseudouser set, ie restore procedure,
+                        * we don't check for allowed options filtering, since
+                        * restore mode is special.
+                        */
+                       if (ve->is_pseudosuper)
+                               err = 0;
 
                        if (!err && !remount)
                                err = ve_devmnt_insert(data, 
devmnt->hidden_options);
-- 
1.8.3.1

_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

Reply via email to