Commit 055fa3fb authored by Luis Henriques's avatar Luis Henriques

Revert "(namespace) mnt: Move the FS_USERNS_MOUNT check into sget_userns"

BugLink: https://bugs.launchpad.net/bugs/1644165

This reverts commit 813a6f60.

The kernel fix for bug #1634964 breaks LXD userspace, in particular the
following commits:

ac7f3f73 (namespace) vfs: Don't modify inodes with a uid or gid unknown to the vfs
ca52383a (namespace) vfs: Don't create inodes with a uid or gid unknown to the vfs

LXD 2.0.6 will include changes to support these kernel changes, but it isn't
available yet on xenial, so for now we just revert these commits.
Signed-off-by: default avatarLuis Henriques <luis.henriques@canonical.com>
parent b6fde09a
...@@ -2395,6 +2395,10 @@ static int do_new_mount(struct path *path, const char *fstype, int flags, ...@@ -2395,6 +2395,10 @@ static int do_new_mount(struct path *path, const char *fstype, int flags,
return -ENODEV; return -ENODEV;
if (user_ns != &init_user_ns) { if (user_ns != &init_user_ns) {
if (!(type->fs_flags & FS_USERNS_MOUNT)) {
put_filesystem(type);
return -EPERM;
}
/* Only in special cases allow devices from mounts /* Only in special cases allow devices from mounts
* created outside the initial user namespace. * created outside the initial user namespace.
*/ */
......
...@@ -466,10 +466,6 @@ struct super_block *sget_userns(struct file_system_type *type, ...@@ -466,10 +466,6 @@ struct super_block *sget_userns(struct file_system_type *type,
struct super_block *old; struct super_block *old;
int err; int err;
if (!(flags & MS_KERNMOUNT) &&
!(type->fs_flags & FS_USERNS_MOUNT) &&
!capable(CAP_SYS_ADMIN))
return ERR_PTR(-EPERM);
retry: retry:
spin_lock(&sb_lock); spin_lock(&sb_lock);
if (test) { if (test) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment