From: Zhao Hongjiang <zhaohongjiang@xxxxxxxxxx> Relax the permission checks to allow unprivileged users that have CAP_SYS_ADMIN permissions in the user namespace referred to by the current mount namespace to be allowed to remount filesystems. Signed-off-by: Zhao Hongjiang <zhaohongjiang@xxxxxxxxxx> --- fs/namespace.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/fs/namespace.c b/fs/namespace.c index af238d0..72be266 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1748,7 +1748,7 @@ static int do_remount(struct path *path, int flags, int mnt_flags, struct super_block *sb = path->mnt->mnt_sb; struct mount *mnt = real_mount(path->mnt); - if (!capable(CAP_SYS_ADMIN)) + if (!ns_capable(mnt->mnt_ns->user_ns, CAP_SYS_ADMIN)) return -EPERM; if (!check_mnt(mnt)) -- 1.7.1 _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
