Prevent overlayfs from being mounted on top of idmapped mounts until we have ported it to handle this case and added proper testing for it. Cc: Christoph Hellwig <hch@xxxxxx> Cc: David Howells <dhowells@xxxxxxxxxx> Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx> Cc: linux-fsdevel@xxxxxxxxxxxxxxx Signed-off-by: Christian Brauner <christian.brauner@xxxxxxxxxx> --- /* v2 */ patch introduced /* v3 */ - Amir Goldstein <amir73il@xxxxxxxxx>: - Move check for idmapped lower layers into ovl_mount_dir_noesc(). - David Howells <dhowells@xxxxxxxxxx>: - Adapt check after removing mnt_idmapped() helper. --- fs/overlayfs/super.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index 0d4f2baf6836..5002f97b01e6 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -811,6 +811,10 @@ static int ovl_mount_dir_noesc(const char *name, struct path *path) pr_err("filesystem on '%s' not supported\n", name); goto out_put; } + if (mnt_user_ns(path->mnt) != &init_user_ns) { + pr_err("idmapped layers are currently not supported\n"); + goto out_put; + } if (!d_is_dir(path->dentry)) { pr_err("'%s' not a directory\n", name); goto out_put; -- 2.29.2