Allow kthreads to create a private mount namespace.
Signed-off-by: Christian Brauner
---
 fs/namespace.c | 30 ++++++++++++++++++++++++++++++
 include/linux/mount.h | 1 +
 2 files changed, 31 insertions(+)
diff --git a/fs/namespace.c b/fs/namespace.c
index 854f4fc66469..e23d2fa7e255 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -6200,6 +6200,36 @@ static void __init init_mount_tree(void)
 ns_tree_add(&init_mnt_ns);
 }
+/*
+ * Allow to give a specific kthread a private mount namespace anchored
+ * in the userspace nullfs (mount id 1) so it can mount.
+ */
+int __init kthread_mntns(void)
+{
+ struct mount *m;
+ struct path root;
+ int ret;
+
+ /* Only allowed for kthreads in the initial mount namespace. */
+ VFS_WARN_ON_ONCE(!(current->flags & PF_KTHREAD));
+ VFS_WARN_ON_ONCE(current->nsproxy->mnt_ns != &init_mnt_ns);
+
+ /*
+ * TODO: switch to creating a completely empty mount namespace
+ * once that series lands.
+ */
+ ret = ksys_unshare(CLONE_NEWNS);
+ if (ret)
+ return ret;
+
+ m = current->nsproxy->mnt_ns->root;
+ root.mnt = &m->mnt;
+ root.dentry = root.mnt->mnt_root;
+ set_fs_pwd(current->fs, &root);
+ set_fs_root(current->fs, &root);
+ return 0;
+}
+
 void __init mnt_init(void)
 {
 int err;
diff --git a/include/linux/mount.h b/include/linux/mount.h
index acfe7ef86a1b..69d61f21b548 100644
--- a/include/linux/mount.h
+++ b/include/linux/mount.h
@@ -106,6 +106,7 @@ int do_mount(const char *, const char __user *,
 extern const struct path *collect_paths(const struct path *, struct path *, unsigned);
 extern void drop_collected_paths(const struct path *, const struct path *);
 extern void kern_unmount_array(struct vfsmount *mnt[], unsigned int num);
+int __init kthread_mntns(void);
 extern int cifs_root_data(char **dev, char **opts);
--
2.47.3
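Review bot: The two preconditions at the top of kthread_mntns() are only asserted with VFS_WARN_ON_ONCE(), so a caller that is not a kthread, or is no longer in init_mnt_ns, still proceeds to ksys_unshare(CLONE_NEWNS) and has its fs root and pwd re-pointed. As far as I know that macro also compiles away when CONFIG_DEBUG_VFS is not set, which would leave the "Only allowed" rule unenforced on most builds. Since the function changes what the calling thread can see and mount, it should fail closed, e.g. `if (WARN_ON_ONCE(!(current->flags & PF_KTHREAD) || current->nsproxy->mnt_ns != &init_mnt_ns)) return -EINVAL;`. The header comment should also say that the function acts on `current`, that it returns 0 or the ksys_unshare() error, and that it assumes the new namespace's root mount is the nullfs named in the comment (nothing in the hunk checks this).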