UBUNTU: SAUCE: (namespace) Bypass sget() capability check for nfs

BugLink: http://bugs.launchpad.net/bugs/1603719

302cabb7 "UBUNTU: SAUCE: (namespace) Sync with upstream s_user_ns
patches" added a capability check to sget() which causes a
regression for automatic submounts, which may happen in the
context of an unprivileged user. The capability check is not
necessary in this case.

The check can be bypassed by using sget_userns() instead.
init_user_namespace should be used for the user ns since nfs does
not support unprivileged mounting. This change makes the nfs
mount behavior in xenial functionally identical to upstream.
Acked-by: Andy Whitcroft <apw@canonical.com>
Acked-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

fs/nfs/super.c

@@ -2559,7 +2559,8 @@ struct dentry *nfs_fs_mount_common(struct nfs_server *server,
 			sb_mntdata.mntflags |= MS_SYNCHRONOUS;
 
 	/* Get a superblock - note that we may end up sharing one that already exists */
-	s = sget(nfs_mod->nfs_fs, compare_super, nfs_set_super, flags, &sb_mntdata);
+	s = sget_userns(nfs_mod->nfs_fs, compare_super, nfs_set_super, flags,
+			&init_user_ns, &sb_mntdata);
 	if (IS_ERR(s)) {
 		mntroot = ERR_CAST(s);
 		goto out_err_nosb;