From: Alexander Mikhalitsyn
To: ast@kernel.org
Cc: Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Jeff Layton, Christian Brauner, bpf@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Alexander Mikhalitsyn
Subject: [PATCH] bpf: use FS_USERNS_DELEGATABLE for bpffs
Date: Thu, 5 Feb 2026 11:45:41 +0100
Message-ID: <20260205104541.171034-1-alexander@mihalicyn.com>

From: Alexander Mikhalitsyn

Instead of FS_USERNS_MOUNT we should use the recently introduced
FS_USERNS_DELEGATABLE because it better expresses what we really want to get
there. Filesystem should not be allowed to be mounted by an unprivileged
user, but at the same time we want to have sb->s_user_ns to point to the
container's user namespace, at the same time superblock can only be created
if capable(CAP_SYS_ADMIN) check is successful.

Tested and no regressions noticed.

No functional change intended.

Link: https://lore.kernel.org/linux-fsdevel/6dd181bf9f6371339a6c31f58f582a9aac3bc36a.camel@kernel.org [1]
Fixes: 6fe01d3cbb92 ("bpf: Add BPF token delegation mount options to BPF FS")
Cc: Alexei Starovoitov
Cc: Daniel Borkmann
Cc: Andrii Nakryiko
Cc: Martin KaFai Lau
Cc: Eduard Zingerman
Cc: Song Liu
Cc: Yonghong Song
Cc: John Fastabend
Cc: KP Singh
Cc: Stanislav Fomichev
Cc: Hao Luo
Cc: Jiri Olsa
Cc: Jeff Layton
Cc: Christian Brauner
Cc: bpf@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Alexander Mikhalitsyn
- RWB-tag from Jeff [1]
Reviewed-by: Jeff Layton
---
 kernel/bpf/inode.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c index 9f866a010dad..d8dfdc846bd0 100644 --- a/kernel/bpf/inode.c +++ b/kernel/bpf/inode.c @@ -1009,10 +1009,6 @@ static int bpf_fill_super(struct super_block *sb, st= ruct fs_context *fc) struct inode *inode; int ret; =20 - /* Mounting an instance of BPF FS requires privileges */ - if (fc->user_ns !=3D &init_user_ns && !capable(CAP_SYS_ADMIN)) - return -EPERM; - ret =3D simple_fill_super(sb, BPF_FS_MAGIC, bpf_rfiles); if (ret) return ret; @@ -1085,7 +1081,7 @@ static struct file_system_type bpf_fs_type =3D { .init_fs_context =3D bpf_init_fs_context, .parameters =3D bpf_fs_parameters, .kill_sb =3D bpf_kill_super, - .fs_flags =3D FS_USERNS_MOUNT, + .fs_flags =3D FS_USERNS_DELEGATABLE, }; =20 static int __init bpf_init(void) --=20 2.47.3
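
Review bot: In the bpf_fill_super() hunk, the deleted block `if (fc->user_ns != &init_user_ns && !capable(CAP_SYS_ADMIN)) return -EPERM;` was the only visible place in kernel/bpf/inode.c that enforced the privilege requirement, and nothing in this diff shows where that check lives once it is removed. The changelog says a superblock can still only be created when the capable(CAP_SYS_ADMIN) check succeeds, so please name the function that performs it for FS_USERNS_DELEGATABLE filesystems and confirm it behaves the same for mounts from init_user_ns, which the old condition skipped, since "No functional change intended" depends on that. Because the "Mounting an instance of BPF FS requires privileges" comment is dropped as well, a short comment beside .fs_flags pointing at the new enforcement site would keep the requirement discoverable from this file.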
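
Review bot: The `.fs_flags = FS_USERNS_DELEGATABLE` line in the bpf_fs_type hunk depends on a flag the changelog itself calls recently introduced, yet the patch carries Fixes: 6fe01d3cbb92 while also stating that no functional change is intended. A Fixes tag invites stable backports into trees that may not define FS_USERNS_DELEGATABLE, and there, with the explicit check in bpf_fill_super() already removed by the first hunk, a partial or hand-adapted backport could end up relaxing the mount restriction. Either drop the Fixes tag if this is a cleanup, or state the prerequisite commit that adds the flag so both are picked up together.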