Skip to content
Snippets Groups Projects
Commit bc6155d1 authored by Eric W. Biederman's avatar Eric W. Biederman
Browse files

fs: Allow superblock owner to access do_remount_sb() 


Superblock level remounts are currently restricted to global
CAP_SYS_ADMIN, as is the path for changing the root mount to
read only on umount. Loosen both of these permission checks to
also allow CAP_SYS_ADMIN in any namespace which is privileged
towards the userns which originally mounted the filesystem.

Signed-off-by: default avatarSeth Forshee <seth.forshee@canonical.com>
Acked-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
Acked-by: default avatarChristian Brauner <christian@brauner.io>
Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
parent 0031181c
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 2 additions and 2 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment