On Thu, May 24, 2018 at 11:45:06AM -0500, Eric W. Biederman wrote:
> Christian Brauner <christian@xxxxxxxxxx> writes:
>
> > On Wed, May 23, 2018 at 06:25:36PM -0500, Eric W. Biederman wrote:
> >> Superblock level remounts are currently restricted to global
> >> CAP_SYS_ADMIN, as is the path for changing the root mount to
> >> read only on umount. Loosen both of these permission checks to
> >> also allow CAP_SYS_ADMIN in any namespace which is privileged
> >> towards the userns which originally mounted the filesystem.
> >
> > Acked-by: Christian Brauner <christian@xxxxxxxxxx>
> >
> >>
> >> Signed-off-by: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
> >> Acked-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
> >> Acked-by: Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx>
> >
> > Note, I just talked to Serge. This should be Acked-by: Serge Hallyn <serge@xxxxxxxxxx>
>
> Now you know how long these patches have been sitting waiting to get
> merged.

Indeed. :)

Christian