Pull request: nsmount updates
Seth Forshee
seth.forshee at canonical.com
Tue Apr 5 20:16:31 UTC 2016
These commits bring xenial up to date wrt my branch for upstream. Most
of the changes here are in response to upstream feedback. At a high
level the changes are:
- A small improvement to the quota code, then disallow enabling quota
for mounts from non-init user namespaces. Since quota in non-init
namespaces isn't a requirement in 16.04 we're better off disabling it
until we know for sure how it will be handled upstream. However ext4
might temporarily enable quota during mount if recovering from an
unclean unmount, so the kernel needs to be able to handle it.
- Revert the way capabilities are determined for inodes in userns
mounts back to how it is upstream, i.e. based on both capabilities
and inode ownership, but allow a privileged user in s_user_ns to
chown if the id being changed is invalid and the other id is either
invalid or an id mapped into s_user_ns. This gives the mounter
control over inodes with unmappable ids while making it safe to have
s_user_ns != &init_user_ns for proc and kernfs-based mounts.
- Fix an incompatibility between cgroup namespaces and user namespace
mounts. Previously this was fixed as a side effect of another patch,
but that patch is being reverted.
- Remove a needless mount option initialization in fuse.
- Fix a resource leak for an error path in sget_userns().
Thanks,
Seth
---
The following changes since commit ccc522f630c479f635b63a328a16f972ad381144:
UBUNTU: Ubuntu-4.4.0-16.32 (2016-03-24 14:33:15 -0600)
are available in the git repository at:
git://git.launchpad.net/~sforshee/+git/ubuntu-xenial nsmount
for you to fetch changes up to 1a2f7ac533e43ed88270375017e1203fc61ef500:
UBUNTU: SAUCE: fs: fix a posible leak of allocated superblock (2016-04-05 15:06:25 -0500)
----------------------------------------------------------------
Pavel Tikhomirov (1):
UBUNTU: SAUCE: fs: fix a posible leak of allocated superblock
Seth Forshee (8):
UBUNTU: SAUCE: quota: Require that qids passed to dqget() be valid and map into s_user_ns
Revert "UBUNTU: SAUCE: quota: Treat superblock owner as privilged"
Revert "UBUNTU: SAUCE: fs: Ensure the mounter of a filesystem is privileged towards its inodes"
Revert "UBUNTU: SAUCE: kernfs: Always set super block owner to init_user_ns"
Revert "UBUNTU: SAUCE: proc: Always set super block owner to init_user_ns"
UBUNTU: SAUCE: fs: Allow superblock owner to change ownership of inodes with unmappable ids
UBUNTU: SAUCE: fuse: Don't initialize user_id or group_id in mount options
UBUNTU: SAUCE: cgroup: Use a new super block when mounting in a cgroup namespace
fs/attr.c | 47 +++++++++++++++++++++++++++++++++++++++--------
fs/fuse/inode.c | 2 --
fs/inode.c | 3 ---
fs/kernfs/inode.c | 2 ++
fs/kernfs/mount.c | 4 +---
fs/proc/base.c | 2 ++
fs/proc/generic.c | 3 +++
fs/proc/proc_sysctl.c | 2 ++
fs/proc/root.c | 2 +-
fs/quota/dquot.c | 6 ++++++
fs/quota/quota.c | 2 +-
fs/super.c | 4 ++++
include/linux/cgroup-defs.h | 4 ++++
kernel/capability.c | 13 ++++---------
kernel/cgroup.c | 69 ++++++++++++++++++++++++++++++---------------------------------------
15 files changed, 99 insertions(+), 66 deletions(-)
More information about the kernel-team
mailing list