This is still an experimental feature, so disable it by default
and allow it only when the system administrator supplies the
userns_mounts=true module parameter.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
* transaction start -> page lock(s) -> i_data_sem (rw)
*/
+static bool userns_mounts = false;
+module_param(userns_mounts, bool, 0644);
+MODULE_PARM_DESC(userns_mounts, "Allow mounts from unprivileged user namespaces");
+
#if !defined(CONFIG_EXT2_FS) && !defined(CONFIG_EXT2_FS_MODULE) && defined(CONFIG_EXT4_USE_FOR_EXT2)
static struct file_system_type ext2_fs_type = {
.owner = THIS_MODULE,
if ((data && !orig_data) || !sbi)
goto out_free_base;
+ if (!userns_mounts && !capable(CAP_SYS_ADMIN)) {
+ ret = -EPERM;
+ goto out_free_base;
+ }
+
sbi->s_daxdev = dax_dev;
sbi->s_blockgroup_lock =
kzalloc(sizeof(struct blockgroup_lock), GFP_KERNEL);