From: "Christian Brauner (Microsoft)" brauner@kernel.org
Hey Greg,
As promised, here is a series that allows to backport the fix which failed to build for you. This backports a few patches that are required to make this work. I decided to backport them instead of rolling a custom fix for this. That would've been smaller but there is future hardening work that I would like to backport and this enables this.
I've run xfstests for ext4, xfs, and btrfs as well as LTP with: runltp -f fs_perms_simple,fs_bind,containers,cap_bounds,cve,uevent,filecaps and I see no regressions. There is an xfs failure but that is related to a - for obvious reasons - missing stable backport.
Thanks! Christian
Christian Brauner (12): fs: add is_idmapped_mnt() helper fs: move mapping helpers fs: tweak fsuidgid_has_mapping() fs: account for filesystem mappings docs: update mapping documentation fs: use low-level mapping helpers fs: remove unused low-level mapping helpers fs: port higher-level mapping helpers fs: add i_user_ns() helper fs: support mapped mounts of mapped filesystems fs: fix acl translation fs: account for group membership
Documentation/filesystems/idmappings.rst | 72 ------- fs/attr.c | 26 ++- fs/cachefiles/bind.c | 2 +- fs/ecryptfs/main.c | 2 +- fs/ksmbd/smbacl.c | 19 +- fs/ksmbd/smbacl.h | 5 +- fs/namespace.c | 53 +++-- fs/nfsd/export.c | 2 +- fs/open.c | 8 +- fs/overlayfs/super.c | 2 +- fs/posix_acl.c | 27 ++- fs/proc_namespace.c | 2 +- fs/xattr.c | 6 +- fs/xfs/xfs_inode.c | 8 +- fs/xfs/xfs_linux.h | 1 + fs/xfs/xfs_symlink.c | 4 +- include/linux/fs.h | 141 ++++---------- include/linux/mnt_idmapping.h | 234 +++++++++++++++++++++++ include/linux/posix_acl_xattr.h | 4 + security/commoncap.c | 15 +- 20 files changed, 394 insertions(+), 239 deletions(-) create mode 100644 include/linux/mnt_idmapping.h
base-commit: 18a33c8dabb88b50b860e0177a73933f2c0ddf68