[PATCH review 10/12] dquot: For now explicitly don't support filesystems outside of init_user_ns
Jan Kara
jack at suse.cz
Mon Jul 11 10:09:23 UTC 2016
On Wed 06-07-16 13:12:10, Eric W. Biederman wrote:
> Mostly supporting filesystems outside of init_user_ns is
> s/&init_usre_ns/dquot->dq_sb->s_user_ns/. An actual need for
> supporting quotas on filesystems outside of s_user_ns is quite a ways
> away and to be done responsibily needs an audit on what can happen
> with hostile quota files. Until that audit is complete don't attempt
> to support quota files on filesystems outside of s_user_ns.
>
> Cc: Jan Kara <jack at suse.cz>
> Acked-by: Seth Forshee <seth.forshee at canonical.com>
> Signed-off-by: "Eric W. Biederman" <ebiederm at xmission.com>
Looks good. You can add:
Acked-by: Jan Kara <jack at suse.cz>
Honza
> ---
> fs/quota/dquot.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
> index 74706b6aa747..87197d13cc76 100644
> --- a/fs/quota/dquot.c
> +++ b/fs/quota/dquot.c
> @@ -2271,6 +2271,11 @@ static int vfs_load_quota_inode(struct inode *inode, int type, int format_id,
> error = -EINVAL;
> goto out_fmt;
> }
> + /* Filesystems outside of init_user_ns not yet supported */
> + if (sb->s_user_ns != &init_user_ns) {
> + error = -EINVAL;
> + goto out_fmt;
> + }
> /* Usage always has to be set... */
> if (!(flags & DQUOT_USAGE_ENABLED)) {
> error = -EINVAL;
> --
> 2.8.3
>
--
Jan Kara <jack at suse.com>
SUSE Labs, CR
More information about the Containers
mailing list