UBUNTU: SAUCE: ext4: Add module parameter to enable user namespace mounts

This is still an experimental feature, so disable it by default
and allow it only when the system administrator supplies the
userns_mounts=true module parameter.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 329fbb8ec8e039ee8cb0ad0f2b3fd7361891a764..b8ebd7c3286fd95c614e9cd6c2b93c1595b7552d 100644 (file)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -81,6 +81,10 @@ static void ext4_destroy_lazyinit_thread(void);
 static void ext4_unregister_li_request(struct super_block *sb);
 static void ext4_clear_request_list(void);
 
+static bool userns_mounts = false;
+module_param(userns_mounts, bool, 0644);
+MODULE_PARM_DESC(userns_mounts, "Allow mounts from unprivileged user namespaces");
+
 #if !defined(CONFIG_EXT2_FS) && !defined(CONFIG_EXT2_FS_MODULE) && defined(CONFIG_EXT4_USE_FOR_EXT2)
 static struct file_system_type ext2_fs_type = {
        .owner          = THIS_MODULE,
@@ -3143,6 +3147,9 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
        unsigned int journal_ioprio = DEFAULT_JOURNAL_IOPRIO;
        ext4_group_t first_not_zeroed;
 
+       if (!userns_mounts && !capable(CAP_SYS_ADMIN))
+               return -EPERM;
+
        sbi = kzalloc(sizeof(*sbi), GFP_KERNEL);
        if (!sbi)
                goto out_free_orig;