Christian Brauner <christian@xxxxxxxxxx> writes: > On Wed, May 23, 2018 at 06:25:36PM -0500, Eric W. Biederman wrote: >> Superblock level remounts are currently restricted to global >> CAP_SYS_ADMIN, as is the path for changing the root mount to >> read only on umount. Loosen both of these permission checks to >> also allow CAP_SYS_ADMIN in any namespace which is privileged >> towards the userns which originally mounted the filesystem. > > Acked-by: Christian Brauner <christian@xxxxxxxxxx> > >> >> Signed-off-by: Seth Forshee <seth.forshee@xxxxxxxxxxxxx> >> Acked-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> >> Acked-by: Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx> > > Note, I just talked to Serge. This should be Acked-by: Serge Hallyn <serge@xxxxxxxxxx> Now you know how long these patches have been sitting waiting to get merged. Eric