[lxc-devel] [lxc/lxc] db4219: autodev: adapt to changes in Linux 4.18
GitHub
noreply at github.com
Sun Oct 14 09:43:54 UTC 2018
Branch: refs/heads/stable-2.0
Home: https://github.com/lxc/lxc
Commit: db4219603946649474b5cb7915dbd6c17ec728f0
https://github.com/lxc/lxc/commit/db4219603946649474b5cb7915dbd6c17ec728f0
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-10-14 (Sun, 14 Oct 2018)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
autodev: adapt to changes in Linux 4.18

Starting with commit
55956b59df33 ("vfs: Allow userns root to call mknod on owned filesystems.")
Linux will allow mknod() in user namespaces for userns root if CAP_MKNOD is
available.
However, these device nodes are useless since

    static struct super_block *alloc_super(struct file_system_type *type, int flags,
                                           struct user_namespace *user_ns)
    {
            /* <snip> */
            if (s->s_user_ns != &init_user_ns)
                    s->s_iflags |= SB_I_NODEV;
            /* <snip> */
    }

will set the SB_I_NODEV flag on the filesystem. When a device node created in
non-init userns is open()ed the call chain will hit:

    bool may_open_dev(const struct path *path)
    {
            return !(path->mnt->mnt_flags & MNT_NODEV) &&
                   !(path->mnt->mnt_sb->s_iflags & SB_I_NODEV);
    }

which will cause an EPERM because the device node is located on an fs
owned by non-init-userns and thus doesn't grant access to device nodes due to
SB_I_NODEV.

This commit enables LXC to deal with such kernels.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>