UBUNTU: SAUCE: (namespace) ext4: Add module parameter to enable user namespace mounts
authorSeth Forshee <seth.forshee@canonical.com>
Tue, 9 Feb 2016 19:26:34 +0000 (13:26 -0600)
committerTim Gardner <tim.gardner@canonical.com>
Mon, 20 Feb 2017 03:57:58 +0000 (20:57 -0700)
This is still an experimental feature, so disable it by default
and allow it only when the system administrator supplies the
userns_mounts=true module parameter.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
fs/ext4/super.c

index ff956f1127acda9a8fae21e3f247012ac82082f6..c8c6ffc55cd00995e60056a4bf6819c16651f1a4 100644 (file)
@@ -112,6 +112,10 @@ static struct inode *ext4_get_journal_inode(struct super_block *sb,
  * transaction start -> page lock(s) -> i_data_sem (rw)
  */
 
+static bool userns_mounts = false;
+module_param(userns_mounts, bool, 0644);
+MODULE_PARM_DESC(userns_mounts, "Allow mounts from unprivileged user namespaces");
+
 #if !defined(CONFIG_EXT2_FS) && !defined(CONFIG_EXT2_FS_MODULE) && defined(CONFIG_EXT4_USE_FOR_EXT2)
 static struct file_system_type ext2_fs_type = {
        .owner          = THIS_MODULE,
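Review bot: The `0644` mode on `userns_mounts` makes this gate writable at runtime through sysfs, but nothing here says what flipping it back to false does; in the visible code the flag is read only in ext4_fill_super, so filesystems already mounted from a user namespace would presumably stay mounted. Since the commit message calls the feature experimental, the description should say so, e.g. `MODULE_PARM_DESC(userns_mounts, "Allow mounts from unprivileged user namespaces (experimental, default: false)");`, with a comment above the variable noting that it is consulted at mount time only. If runtime toggling is not intended, `0444` would restrict the setting to module load or boot time. The explicit `= false` initialiser is redundant for a static and kernel style normally drops it: `static bool userns_mounts;`.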
@@ -3363,6 +3367,11 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
        if ((data && !orig_data) || !sbi)
                goto out_free_base;
 
+       if (!userns_mounts && !capable(CAP_SYS_ADMIN)) {
+               ret = -EPERM;
+               goto out_free_base;
+       }
+
        sbi->s_blockgroup_lock =
                kzalloc(sizeof(struct blockgroup_lock), GFP_KERNEL);
        if (!sbi->s_blockgroup_lock)
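Review bot: The new `-EPERM` path in ext4_fill_super has no comment explaining why it tests `capable(CAP_SYS_ADMIN)`, which checks the caller against the initial user namespace, rather than a namespace-relative capability. A comment above the `if` would record the intent, for example `/* userns mounts are experimental: unless userns_mounts is set, require CAP_SYS_ADMIN in the initial user namespace */`. The denial is also silent; if a diagnostic is added it should honour the function's `silent` argument and be rate-limited, because this path is reachable by unprivileged callers once the parameter matters. Whether the remount path needs the same test cannot be judged from this hunk, and ext4_fill_super starts and ends outside it.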