    mnt: Refactor the logic for mounting sysfs and proc in a user namespace · cd37911f
    Eric W. Biederman authored
    commit 1b852bce upstream.
    
    Fresh mounts of proc and sysfs are a very special case that works very
    much like a bind mount.  Unfortunately the current structure can not
    preserve the MNT_LOCK... mount flags.  Therefore refactor the logic
    into a form that can be modified to preserve those lock bits.
    
    Add a new filesystem flag FS_USERNS_VISIBLE that requires some mount
    of the filesystem be fully visible in the current mount namespace,
    before the filesystem may be mounted.
    
    Move the logic for calling fs_fully_visible from proc and sysfs into
    fs/namespace.c where it has greater access to mount namespace state.
    Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
    Signed-off-by: Kamal Mostafa <kamal@canonical.com>
namespace.c 74.8 KB