aufs: optional support for FS_USERNS_MOUNT

Still I am not sure how this feature breaches the security. Some people say it doesn't matter. But I don't know. Anyway upon the request from the users, aufs implements it as a module option. Signed-off-by: J. R. Okajima <hooanon05g@gmail.com>

aufs: optional support for FS_USERNS_MOUNT
Still I am not sure how this feature breaches the security. Some people say it doesn't matter. But I don't know. Anyway upon the request from the users, aufs implements it as a module option. Signed-off-by: J. R. Okajima <hooanon05g@gmail.com>
44720530 · J. R. Okajima · 9512a2c3 · 44720530 · 44720530
Commit 44720530 authored Mar 30, 2015 by J. R. Okajima
--- a/fs/aufs/module.c
+++ b/fs/aufs/module.c
@@ -138,6 +138,11 @@ int sysaufs_brs = 1;
 MODULE_PARM_DESC(brs, "use <sysfs>/fs/aufs/si_*/brN");
 module_param_named(brs, sysaufs_brs, int, 0444);
+/* this module parameter has no meaning when USER_NS is disabled */
+bool au_userns;
+MODULE_PARM_DESC(allow_userns, "allow unprivileged to mount under userns");
+module_param_named(allow_userns, au_userns, bool, 0444);
 /* ---------------------------------------------------------------------- */
 static char au_esc_chars[0x20 + 3]; /* 0x01-0x20, backslash, del, and NULL */
@@ -206,6 +211,7 @@ static int __init aufs_init(void)
 	if (unlikely(err))
 		goto out_sysrq;
+	aufs_fs_type.fs_flags |= au_userns ? FS_USERNS_MOUNT : 0;
 	err = register_filesystem(&aufs_fs_type);
 	if (unlikely(err))
 		goto out_cache;

--- a/fs/aufs/module.h
+++ b/fs/aufs/module.h
@@ -24,6 +24,7 @@ struct seq_file;
 /* module parameters */
 extern int sysaufs_brs;
+extern bool au_userns;
 /* ---------------------------------------------------------------------- */