From: Alexander Mikhalitsyn Instead of FS_USERNS_MOUNT we should use recently introduced FS_USERNS_DELEGATABLE cause it better expresses what we really want to get there. Filesystem should not be allowed to be mounted by an unprivileged user, but at the same time we want to have sb->s_user_ns to point to the container's user namespace, at the same time superblock can only be created if capable(CAP_SYS_ADMIN) check is successful. Tested and no regressions noticed. No functional change intended. Link: https://lore.kernel.org/linux-fsdevel/6dd181bf9f6371339a6c31f58f582a9aac3bc36a.camel@kernel.org [1] Fixes: 6fe01d3cbb92 ("bpf: Add BPF token delegation mount options to BPF FS") Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: Andrii Nakryiko Cc: Martin KaFai Lau Cc: Eduard Zingerman Cc: Song Liu Cc: Yonghong Song Cc: John Fastabend Cc: KP Singh Cc: Stanislav Fomichev Cc: Hao Luo Cc: Jiri Olsa Cc: Jeff Layton Cc: Christian Brauner Cc: bpf@vger.kernel.org Cc: linux-fsdevel@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Alexander Mikhalitsyn - RWB-tag from Jeff [1] Reviewed-by: Jeff Layton --- kernel/bpf/inode.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c index 9f866a010dad..d8dfdc846bd0 100644 --- a/kernel/bpf/inode.c +++ b/kernel/bpf/inode.c @@ -1009,10 +1009,6 @@ static int bpf_fill_super(struct super_block *sb, struct fs_context *fc) struct inode *inode; int ret; - /* Mounting an instance of BPF FS requires privileges */ - if (fc->user_ns != &init_user_ns && !capable(CAP_SYS_ADMIN)) - return -EPERM; - ret = simple_fill_super(sb, BPF_FS_MAGIC, bpf_rfiles); if (ret) return ret; @@ -1085,7 +1081,7 @@ static struct file_system_type bpf_fs_type = { .init_fs_context = bpf_init_fs_context, .parameters = bpf_fs_parameters, .kill_sb = bpf_kill_super, - .fs_flags = FS_USERNS_MOUNT, + .fs_flags = FS_USERNS_DELEGATABLE, }; static int __init bpf_init(void) -- 2.47.3