    mnt: Refactor the logic for mounting sysfs and proc in a user namespace · 1b852bce
    Eric W. Biederman authored
    Fresh mounts of proc and sysfs are a very special case that works very
    much like a bind mount.  Unfortunately the current structure can not
    preserve the MNT_LOCK... mount flags.  Therefore refactor the logic
    into a form that can be modified to preserve those lock bits.
    
    Add a new filesystem flag FS_USERNS_VISIBLE that requires some mount
    of the filesystem be fully visible in the current mount namespace,
    before the filesystem may be mounted.
    
    Move the logic for calling fs_fully_visible from proc and sysfs into
    fs/namespace.c where it has greater access to mount namespace state.
    
    Cc: stable@vger.kernel.org
    Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
root.c 5.63 KB