[PATCH] userns: allow remount filesystem in un-init userns
Gao feng
gaofeng at cn.fujitsu.com
Thu Jan 17 06:41:00 UTC 2013
The proc and sysfs filesystems already enable userns support,
remounting these filesystems in an un-init userns does no harm
to the host.
Signed-off-by: Gao feng <gaofeng at cn.fujitsu.com>
---
fs/namespace.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 55605c5..b9d83fb 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1748,7 +1748,10 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
struct super_block *sb = path->mnt->mnt_sb;
struct mount *mnt = real_mount(path->mnt);
- if (!capable(CAP_SYS_ADMIN))
+ if (sb->s_type->fs_flags & FS_USERNS_MOUNT) {
+ if (!ns_capable(mnt->mnt_ns->user_ns, CAP_SYS_ADMIN))
+ return -EPERM;
+ } else if (!capable(CAP_SYS_ADMIN))
return -EPERM;
if (!check_mnt(mnt))
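Review bot: The new branch at `if (sb->s_type->fs_flags & FS_USERNS_MOUNT)` keys the relaxed check on the filesystem type, not on who mounted this particular superblock, while the capability is tested against `mnt->mnt_ns->user_ns`. A remount can change superblock-wide state, so a proc or sysfs instance that was mounted from the initial user namespace and is only visible in the caller's mount namespace would pass this check with namespace-local CAP_SYS_ADMIN. Consider also requiring that the superblock belongs to the caller's user namespace, or keeping `capable(CAP_SYS_ADMIN)` for the superblock-wide part of the remount and relaxing only per-mount flag changes. Separately, `mnt->mnt_ns` is dereferenced before `check_mnt(mnt)` has run; moving the capability test after `check_mnt()` would confirm the mount is in the caller's namespace before its `user_ns` is consulted. The commit message should also say why remount is harmless for these filesystems, since the code comment-free branch gives a later reader no rationale.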
--
1.7.11.7