vfs: Add user namespace control of mounts.

The detailed changes below make it possible to isolate superblocks
and mount namespaces in a user namespace, and to not need global
capability permissions to manipulate the user namespace.

- Add a user_ns owner to the mount namespace.
- Add a user_ns owner to struct super_block.
- Add a FS_SAFE flag for struct file_system_type to allow marking
  filesystems to be safe to be mounted by anyone.

- Reduce the capabilities needed for mount namespace manipulation
  to just CAP_SYS_ADMIN in the user namespace that the
  mount namespace is in.

- For new mounts require CAP_SYS_ADMIN in the initial user namespace
  unless the filesystem was marked safe.

- Require remounts to have CAP_SYS_ADMIN in the user namespace
  of the super block.

- For permission checks where the userns is needed use the userns
  in the superblock instead of the init_user_ns.

Signed-off-by: Eric W. Biederman <ebiederm@aristanetworks.com>
4 files changed