Gao feng <gaofeng@xxxxxxxxxxxxxx> writes:
> mounting tmpfs in user namespace does no harm to the host.
> so enable tmpfs support for the user namespace.
I think this allows escaping from memory resource limits.
Eric
> Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
> ---
> mm/shmem.c | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/mm/shmem.c b/mm/shmem.c
> index d4e184e..ef97dc3 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -2801,6 +2801,7 @@ static struct file_system_type shmem_fs_type = {
> .name = "tmpfs",
> .mount = shmem_mount,
> .kill_sb = kill_litter_super,
> + .fs_flags = FS_USERNS_MOUNT,
> };
>
> int __init shmem_init(void)
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
