This patchset adds the ability for the root user in a user namespace to
call choort, to create new mount namespaces, and to manipulate mount
namespaces (mount/umount) that the userns root has created.
Additionally support is added namespace file descriptors and for setns
on the namespace file descriptors.
To keep total chaos from breaking out mount namespace file descriptors
are not allowed to be mounted into a child mount namespace, and shared
subtrees become slave subtrees when creating a new mount namespace in a
different user namespace than it's parent.
This series of changes is available in git from:
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git mntns-v53
Baring problems I plan to merge these changes through my user namespace
tree for 3.8
Eric W. Biederman (5):
vfs: Allow chroot if you have CAP_SYS_CHROOT in your user namespace
vfs: Add setns support for the mount namespace
vfs: Add a user namespace reference from struct mnt_namespace
vfs: Only support slave subtrees across different user namespaces
vfs: Allow unprivileged manipulation of the mount namespace.
Zhao Hongjiang (1):
userns: fix return value on mntns_install() failure
fs/mount.h | 2 +
fs/namespace.c | 197 +++++++++++++++++++++++++++++++++--------
fs/open.c | 2 +-
fs/pnode.h | 1 +
fs/proc/namespaces.c | 5 +
include/linux/fs.h | 2 +
include/linux/mnt_namespace.h | 3 +-
include/linux/proc_fs.h | 7 ++
kernel/nsproxy.c | 2 +-
9 files changed, 182 insertions(+), 39 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
