From: Glauber Costa <glommer@parallels.com>
To: cgroups@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org, ebiederm@xmission.com,
serge@hallyn.com, daniel.lezcano@free.fr, pjt@google.com,
mzxreary@0pointer.de, xemul@parallels.com,
James.Bottomley@HansenPartnership.com, tj@kernel.org,
eric.dumazet@gmail.com, Glauber Costa <glommer@parallels.com>
Subject: [RFC 3/4] show only allowed filesystems in /proc/filesystems
Date: Mon, 23 Jan 2012 20:56:11 +0400 [thread overview]
Message-ID: <1327337772-1972-4-git-send-email-glommer@parallels.com> (raw)
In-Reply-To: <1327337772-1972-1-git-send-email-glommer@parallels.com>
Now that a namespace can have a list of filesystems that differs from
the default one, only show the allowed ones in /proc/filesystems.
Signed-off-by: Glauber Costa <glommer@parallels.com>
---
fs/filesystems.c | 4 +++-
fs/proc/base.c | 51 +++++++++++++++++++++++++++++++++++++++++----------
2 files changed, 44 insertions(+), 11 deletions(-)
diff --git a/fs/filesystems.c b/fs/filesystems.c
index 118d0d6..b797cda 100644
--- a/fs/filesystems.c
+++ b/fs/filesystems.c
@@ -243,11 +243,13 @@ out:
int filesystems_proc_show(struct seq_file *m, void *v)
{
struct file_system_type * tmp;
+ struct mnt_namespace *ns = m->private;
read_lock(&file_systems_lock);
tmp = file_systems;
while (tmp) {
- seq_printf(m, "%s\t%s\n",
+ if (fs_allowed(tmp, ns))
+ seq_printf(m, "%s\t%s\n",
(tmp->fs_flags & FS_REQUIRES_DEV) ? "" : "nodev",
tmp->name);
tmp = tmp->next;
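Review bot: `ns` read from `m->private` can be NULL here, because `filesystems_proc_open` passes the result of `mnt_ns_from_inode()` straight to `single_open()`, and that helper returns NULL when the task or its root cannot be obtained. `fs_allowed()` is not part of this patch, so the hunk does not show whether it dereferences a NULL namespace or treats it as "no restriction"; the first would oops, and the second would show the unfiltered list exactly when the namespace lookup failed. Either reject NULL in the open path or state the contract above the loop, e.g. `/* ns == NULL: owning task is gone; fs_allowed() must deny everything */`. The body of `filesystems_proc_show` continues outside the hunk.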
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 2a6e2c7..2a88a47 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -627,6 +627,44 @@ int proc_setattr(struct dentry *dentry, struct iattr *attr)
return 0;
}
+struct mnt_namespace *mnt_ns_from_task(struct task_struct *task)
+{
+ struct nsproxy *nsp;
+ struct mnt_namespace *ns = NULL;
+
+
+ rcu_read_lock();
+ nsp = task_nsproxy(task);
+ if (nsp) {
+ ns = nsp->mnt_ns;
+ if (ns)
+ get_mnt_ns(ns);
+ }
+ rcu_read_unlock();
+ return ns;
+}
+
+struct mnt_namespace *mnt_ns_from_inode(struct inode *inode)
+{
+ struct task_struct *task = get_proc_task(inode);
+ struct path root;
+ struct mnt_namespace *ns = NULL;
+
+ if (!task)
+ return NULL;
+
+ ns = mnt_ns_from_task(task);
+
+ if (ns && get_task_root(task, &root) != 0) {
+ put_mnt_ns(ns);
+ ns = NULL;
+ }
+
+ path_put(&root);
+ put_task_struct(task);
+ return ns;
+}
+
static const struct inode_operations proc_def_inode_operations = {
.setattr = proc_setattr,
};
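Review bot: In `mnt_ns_from_inode`, `path_put(&root)` runs on every path that reaches it, but `root` is only filled in when `mnt_ns_from_task()` returned a namespace and `get_task_root()` returned 0. In the other two cases the call drops dentry and vfsmount references taken from uninitialized stack contents, which in kernel context is memory corruption rather than a cosmetic issue. The put belongs in the success branch only, as sketched below. As far as this patch shows, both new helpers are used only inside fs/proc/base.c, so they should be `static`, or get a prototype in a header if another patch in the series calls them.

```c
struct mnt_namespace *mnt_ns_from_inode(struct inode *inode)
{
	/* … unchanged: get_proc_task() and the NULL-task return … */

	ns = mnt_ns_from_task(task);
	if (ns) {
		/* root is valid, and needs a put, only if get_task_root() succeeded */
		if (get_task_root(task, &root) == 0) {
			path_put(&root);
		} else {
			put_mnt_ns(ns);
			ns = NULL;
		}
	}

	put_task_struct(task);
	return ns;
}
```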
@@ -635,21 +673,13 @@ static int mounts_open_common(struct inode *inode, struct file *file,
const struct seq_operations *op)
{
struct task_struct *task = get_proc_task(inode);
- struct nsproxy *nsp;
struct mnt_namespace *ns = NULL;
struct path root;
struct proc_mounts *p;
int ret = -EINVAL;
if (task) {
- rcu_read_lock();
- nsp = task_nsproxy(task);
- if (nsp) {
- ns = nsp->mnt_ns;
- if (ns)
- get_mnt_ns(ns);
- }
- rcu_read_unlock();
+ ns = mnt_ns_from_task(task);
if (ns && get_task_root(task, &root) == 0)
ret = 0;
put_task_struct(task);
@@ -2875,7 +2905,8 @@ static struct dentry *proc_tgid_base_lookup(struct inode *dir, struct dentry *de
static int filesystems_proc_open(struct inode *inode, struct file *file)
{
- return single_open(file, filesystems_proc_show, NULL);
+ struct mnt_namespace *ns = mnt_ns_from_inode(inode);
+ return single_open(file, filesystems_proc_show, ns);
}
static const struct file_operations filesystems_proc_fops = {
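Review bot: The reference taken by `mnt_ns_from_inode()` (via `get_mnt_ns()`) is stored as the seq_file private data and nothing visible drops it. It is not dropped when `single_open()` fails, and it is not dropped on close either unless the `filesystems_proc_fops` initializer, which begins on the last line of the hunk and continues outside it, names a custom `.release`. Since every reader of the file takes this path, each open would leave the mount namespace's count raised and keep the namespace pinned. A release handler that calls `put_mnt_ns()` before `single_release()`, plus a put on the `single_open()` error path, closes this; the sketch below also refuses a NULL namespace with `-EINVAL`, the value `mounts_open_common` starts from for the same failure.

```c
static int filesystems_proc_open(struct inode *inode, struct file *file)
{
	struct mnt_namespace *ns = mnt_ns_from_inode(inode);
	int ret;

	if (!ns)
		return -EINVAL;

	ret = single_open(file, filesystems_proc_show, ns);
	if (ret)
		put_mnt_ns(ns);	/* open failed: nobody will call release */
	return ret;
}

static int filesystems_proc_release(struct inode *inode, struct file *file)
{
	struct seq_file *m = file->private_data;

	put_mnt_ns(m->private);	/* pairs with mnt_ns_from_inode() in open */
	return single_release(inode, file);
}

/* … filesystems_proc_fops: .release must name filesystems_proc_release … */
```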
--
1.7.7.4