www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Christian Brauner <brauner@kernel.org>
	Tue, 4 Feb 2025 14:24:12 +0000 (15:24 +0100)
committer	Christian Brauner <brauner@kernel.org>
	Wed, 12 Feb 2025 11:12:27 +0000 (12:12 +0100)
commit	312994674eb1748c3c7b07b82935250a980262b7
tree	50a99a3f5cf355d41a90b56d085e85db61001af6	tree
parent	29349a3d6da3be3210a2d0be3a17433dd10f9a40	commit \| diff
parent	ccc829b15d48a450b186cab097f4f5d01df445d4	commit \| diff

Merge patch series "fs: allow detached mounts in clone_private_mount()"

Christian Brauner <brauner@kernel.org> says:

In container workloads idmapped mounts are often used as layers for
overlayfs. Recently I added the ability to specify layers in overlayfs
as file descriptors instead of path names. It should be possible to
simply use the detached mounts directly when specifying layers instead
of having to attach them beforehand. They are discarded after overlayfs
is mounted anyway so it's pointless system calls for userspace and
pointless locking for the kernel.

This just recently come up again in [1]. So enable clone_private_mount()
to use detached mounts directly. Following conditions must be met:

- Provided path must be the root of a detached mount tree.
- Provided path may not create mount namespace loops.
- Provided path must be mounted.

It would be possible to be stricter and require that the caller must
have CAP_SYS_ADMIN in the owning user namespace of the anonymous mount
namespace but since this restriction isn't enforced for move_mount()
there's no point in enforcing it for clone_private_mount().

* patches from https://lore.kernel.org/r/20250123-avancieren-erfreuen-3d61f6588fdd@brauner:
selftests: add tests for using detached mount with overlayfs
fs: allow detached mounts in clone_private_mount()

Link: https://lore.kernel.org/r/20250123-avancieren-erfreuen-3d61f6588fdd@brauner
Signed-off-by: Christian Brauner <brauner@kernel.org>