> --- linux-2.6.18.i686/fs/namespace.c 2009-03-26 11:09:57.000000000 +0000
> +++ linux-2.6.18.i686-lustre-umount-patch/fs/namespace.c 2009-03-27
> 01:41:49.000000000 +0000
> @@ -728,10 +728,15 @@ asmlinkage long sys_umount(char __user *
> if (!check_mnt(nd.mnt))
> goto dput_and_out;
>
> +
> + if (!memcmp(nd.mnt->mnt_sb->s_type->name, "lustre", 6) && !
> ve_is_super(get_exec_env()) && (flags & MNT_FORCE)) {
> + printk(KERN_ALERT "Forced umount of lustre fs is not allowed
> inside
> container (%d). Overriding MNT_FORCE flag.\n", get_exec_env()->veid);
> + flags &= (~MNT_FORCE);
> + }
> +
As far as I see from the umount kernel code, the only place where filesystem
can see this MNT_FORCE flag is in umount_begin callback. So the better place
for such a check is in there (you can use CAP_SYS_ADMIN capability presence
to distinguish VE0 from VE).
> retval = -EPERM;
> if (!capable(CAP_VE_SYS_ADMIN))
> goto dput_and_out;
> -
> retval = do_umount(nd.mnt, flags);
> dput_and_out:
> path_release_on_umount(&nd);
>
>
>
> _______________________________________________
> Devel mailing list
> [email protected]
> https://openvz.org/mailman/listinfo/devel
>
_______________________________________________
Devel mailing list
[email protected]
https://openvz.org/mailman/listinfo/devel
