mbox series

[GIT,PULL] fs mount_setattr fix

Message ID 20210519132055.682958-1-brauner@kernel.org (mailing list archive)
State New, archived
Headers show
Series [GIT,PULL] fs mount_setattr fix | expand

Pull-request

git@gitolite.kernel.org:pub/scm/linux/kernel/git/brauner/linux tags/fs.idmapped.mount_setattr.v5.13-rc3

Message

Christian Brauner May 19, 2021, 1:20 p.m. UTC
/* Summary */
This simple change makes an underlying assumption more explicit. We currently
don't have any filesystems that support idmapped mounts which are mountable
inside a user namespace, i.e. where s_user_ns != init_user_ns. That was a
deliberate decision for now as userns root can just mount the filesystem
themselves.
Express this restriction explicitly and enforce it until there's a real
use-case for this. This way we can notice it and will have a chance to adapt
and audit our translation helpers and fstests appropriately if we need to
support such filesystems.

On a general note, we're seeing idmapped mounts being adopted rapidly. Since
5.12 was released systemd has already merged full support for idmapped mounts.
Discussions have kicked off for Docker/Moby, k8s, runC, and the containerd
patchset is about to be reworked. Requests for more filesystems are coming in
including btrfs and overlayfs and we're discussing fanotify making us of
idmapped mounts to implement filtered filesystems marks which will be a great
addition as well. We won't be able to please everyone's desire or design of
course but it feels like we hit the right direction with this patchset.

The following changes since commit 6efb943b8616ec53a5e444193dccf1af9ad627b5:

  Linux 5.13-rc1 (2021-05-09 14:17:44 -0700)

are available in the Git repository at:

  git@gitolite.kernel.org:pub/scm/linux/kernel/git/brauner/linux tags/fs.idmapped.mount_setattr.v5.13-rc3

for you to fetch changes up to 2ca4dcc4909d787ee153272f7efc2bff3b498720:

  fs/mount_setattr: tighten permission checks (2021-05-12 14:13:16 +0200)

/* Testing */
All patches are based on v5.13-rc1 and have been sitting in linux-next. No
build failures or warnings were observed. All fstests are passing.

/* Conflicts */
At the time of creating this PR no merge conflicts were reported from
linux-next and no merge conflicts showed up doing a test-merge with current
mainline.

Please consider pulling these changes from the signed fs.idmapped.mount_setattr.v5.13-rc3 tag.

Thanks!
Christian

----------------------------------------------------------------
fs.idmapped.mount_setattr.v5.13-rc3

----------------------------------------------------------------
Christian Brauner (1):
      fs/mount_setattr: tighten permission checks

 fs/namespace.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Comments

pr-tracker-bot@kernel.org May 19, 2021, 4:20 p.m. UTC | #1
The pull request you sent on Wed, 19 May 2021 15:20:55 +0200:

> git@gitolite.kernel.org:pub/scm/linux/kernel/git/brauner/linux tags/fs.idmapped.mount_setattr.v5.13-rc3

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/c3d0e3fd41b7f0f5d5d5b6022ab7e813f04ea727

Thank you!