Merge tag 'fs.idmapped.mount_setattr.v5.13-rc3' of gitolite.kernel.org:pub/scm/linux/kernel/git/brauner/linux

Pull mount_setattr fix from Christian Brauner:
"This makes an underlying idmapping assumption more explicit.

We currently don't have any filesystems that support idmapped mounts
which are mountable inside a user namespace, i.e. where s_user_ns !=
init_user_ns. That was a deliberate decision for now as userns root
can just mount the filesystem themselves.

Express this restriction explicitly and enforce it until there's a
real use-case for this. This way we can notice it and will have a
chance to adapt and audit our translation helpers and fstests
appropriately if we need to support such filesystems"

* tag 'fs.idmapped.mount_setattr.v5.13-rc3' of gitolite.kernel.org:pub/scm/linux/kernel/git/brauner/linux:
fs/mount_setattr: tighten permission checks

+5 -1
fs/namespace.c
··· 3855 3855 if (!(m->mnt_sb->s_type->fs_flags & FS_ALLOW_IDMAP)) 3856 3856 return -EINVAL; 3857 3857 3858 + /* Don't yet support filesystem mountable in user namespaces. */ 3859 + if (m->mnt_sb->s_user_ns != &init_user_ns) 3860 + return -EINVAL; 3861 + 3858 3862 /* We're not controlling the superblock. */ 3859 - if (!ns_capable(m->mnt_sb->s_user_ns, CAP_SYS_ADMIN)) 3863 + if (!capable(CAP_SYS_ADMIN)) 3860 3864 return -EPERM; 3861 3865 3862 3866 /* Mount has already been visible in the filesystem hierarchy. */
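Review bot: the new `s_user_ns != &init_user_ns` check returns -EINVAL, the same errno as the FS_ALLOW_IDMAP check directly above it, so a caller cannot tell which of the two restrictions rejected the request. If sharing the errno is intended, the comment should say so. The comment could also state that this is a deliberate, temporary restriction to be lifted only together with an audit of the translation helpers and fstests, as the merge message explains. Separately, once that check has passed, s_user_ns is always &init_user_ns, so `capable(CAP_SYS_ADMIN)` behaves the same as the old `ns_capable(m->mnt_sb->s_user_ns, CAP_SYS_ADMIN)` on every path that reaches it. The retained comment "We're not controlling the superblock." does not say that the capability test now depends on the check above it. A short note there would help, because relaxing the s_user_ns restriction later means this line must be revisited too.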