diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2013-01-31 02:09:50 -0800 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2013-02-12 03:19:23 -0800 |
commit | eea553c21fbfa486978c82525ee8256239d4f921 (patch) | |
tree | 45b6b0b51fd59806aa1e8836a1f563918b02eab4 | |
parent | bc1b69ed22a704fb1cc83d75b2eb46508a06c820 (diff) | |
download | linux-eea553c21fbfa486978c82525ee8256239d4f921.tar.bz2 |
ceph: Only allow mounts in the initial network namespace
Today ceph opens tcp sockets from a delayed work callback. Delayed
work happens from kernel threads which are always in the initial
network namespace. Therefore fail early if someone attempts
to mount a ceph filesystem from something other than the initial
network namespace.
Cc: Sage Weil <sage@inktank.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
-rw-r--r-- | net/ceph/ceph_common.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c index ee71ea26777a..1deb29af82fd 100644 --- a/net/ceph/ceph_common.c +++ b/net/ceph/ceph_common.c @@ -15,6 +15,8 @@ #include <linux/slab.h> #include <linux/statfs.h> #include <linux/string.h> +#include <linux/nsproxy.h> +#include <net/net_namespace.h> #include <linux/ceph/ceph_features.h> @@ -292,6 +294,9 @@ ceph_parse_options(char *options, const char *dev_name, int err = -ENOMEM; substring_t argstr[MAX_OPT_ARGS]; + if (current->nsproxy->net_ns != &init_net) + return ERR_PTR(-EINVAL); + opt = kzalloc(sizeof(*opt), GFP_KERNEL); if (!opt) return ERR_PTR(-ENOMEM); |