    ext4: Add support for unprivileged mounts from user namespaces · f463fe5b
    Seth Forshee authored
    Support unprivileged mounting of ext4 volumes from user
    namespaces. This requires the following changes:
    
     - Perform all uid and gid conversions to/from disk relative to
       s_user_ns. In many cases this will already be handled by the
       vfs helper functions. This also requires updates to handle
       cases where ids may not map into s_user_ns.
    
     - Update most capability checks to check for capabilities in
       s_user_ns rather than init_user_ns. These mostly reflect
       changes to the filesystem that a user in s_user_ns could
       already make externally by virtue of having write access to
       the backing device.
    
     - Restrict unsafe options in either the mount options or the
       ext4 superblock. Currently the only concerning option is
       errors=panic, and this is made to require CAP_SYS_ADMIN in
       init_user_ns.
    
     - Verify that unprivileged users have the required access to the
       journal device at the path passed via the journal_path mount
       option.
    
       Note that for the journal_path and the journal_dev mount
       options, and for external journal devices specified in the
       ext4 superblock, devcgroup restrictions will be enforced by
       __blkdev_get() (via blkdev_get_by_dev()), ensuring that the
       user has been granted appropriate access to the block device.
    
     - Set the FS_USERNS_MOUNT flag on the filesystem types supported
       by ext4.
    
    sysfs attributes for ext4 mounts remain writable only by real
    root.
    Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
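A constructed userspace model of the s_user_ns id translation the first bullet of the message refers to (added here for illustration; it is not kernel code and not part of this commit). It assumes a uid_map-style table of extents mapping ids inside a namespace onto ids in the initial namespace, and uses INVALID_ID in place of the kernel's invalid-id sentinel; the container namespace at the end is sample data.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed model (not kernel code) of how a filesystem mounted with a
 * non-initial s_user_ns must translate owner ids. A user namespace maps a
 * contiguous range of ids visible inside it onto ids in the initial
 * namespace, the way /proc/<pid>/uid_map does. INVALID_ID stands in for
 * the kernel's result for an id that has no mapping. */
#define INVALID_ID ((uint32_t)-1)

struct ns_extent { uint32_t first_ns; uint32_t first_init; uint32_t count; };
struct user_ns { const struct ns_extent *map; size_t nr_extents; };

/* Model of make_kuid(ns, raw): an id as stored on disk, interpreted
 * relative to s_user_ns, becomes an initial-namespace kernel id. */
uint32_t map_id_down(const struct user_ns *ns, uint32_t raw_id)
{
    for (size_t i = 0; i < ns->nr_extents; i++) {
        const struct ns_extent *e = &ns->map[i];
        if (raw_id >= e->first_ns && raw_id - e->first_ns < e->count)
            return e->first_init + (raw_id - e->first_ns);
    }
    return INVALID_ID;           /* the on-disk id does not map into s_user_ns */
}

/* Model of from_kuid(ns, kuid): kernel id back to its on-disk form for
 * s_user_ns, or INVALID_ID if that owner is not representable there. */
uint32_t map_id_up(const struct user_ns *ns, uint32_t kernel_id)
{
    for (size_t i = 0; i < ns->nr_extents; i++) {
        const struct ns_extent *e = &ns->map[i];
        if (kernel_id >= e->first_init && kernel_id - e->first_init < e->count)
            return e->first_ns + (kernel_id - e->first_init);
    }
    return INVALID_ID;
}

/* Reading an inode owner: an on-disk id with no mapping in s_user_ns is
 * reported as an error (-1) instead of being attributed to some other user. */
int owner_from_disk(const struct user_ns *s_user_ns, uint32_t raw, uint32_t *kuid)
{
    *kuid = map_id_down(s_user_ns, raw);
    return *kuid == INVALID_ID ? -1 : 0;
}

/* Constructed sample: a container whose ids 0..999 map to 100000..100999. */
static const struct ns_extent container_map[] = { { 0, 100000, 1000 } };
static const struct user_ns container = { container_map, 1 };
```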