Allow kthreads to create a private mount namespace.
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
fs/namespace.c | 30 ++++++++++++++++++++++++++++++
include/linux/mount.h | 1 +
2 files changed, 31 insertions(+)
diff --git a/fs/namespace.c b/fs/namespace.c
index 854f4fc66469..e23d2fa7e255 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -6200,6 +6200,36 @@ static void __init init_mount_tree(void)
ns_tree_add(&init_mnt_ns);
}
+/*
+ * Allow to give a specific kthread a private mount namespace anchored
+ * in the userspace nullfs (mount id 1) so it can mount.
+ */
+int __init kthread_mntns(void)
+{
+ struct mount *m;
+ struct path root;
+ int ret;
+
+ /* Only allowed for kthreads in the initial mount namespace. */
+ VFS_WARN_ON_ONCE(!(current->flags & PF_KTHREAD));
+ VFS_WARN_ON_ONCE(current->nsproxy->mnt_ns != &init_mnt_ns);
+
+ /*
+ * TODO: switch to creating a completely empty mount namespace
+ * once that series lands.
+ */
+ ret = ksys_unshare(CLONE_NEWNS);
+ if (ret)
+ return ret;
+
+ m = current->nsproxy->mnt_ns->root;
+ root.mnt = &m->mnt;
+ root.dentry = root.mnt->mnt_root;
+ set_fs_pwd(current->fs, &root);
+ set_fs_root(current->fs, &root);
+ return 0;
+}
+
void __init mnt_init(void)
{
int err;
diff --git a/include/linux/mount.h b/include/linux/mount.h
index acfe7ef86a1b..69d61f21b548 100644
--- a/include/linux/mount.h
+++ b/include/linux/mount.h
@@ -106,6 +106,7 @@ int do_mount(const char *, const char __user *,
extern const struct path *collect_paths(const struct path *, struct path *, unsigned);
extern void drop_collected_paths(const struct path *, const struct path *);
extern void kern_unmount_array(struct vfsmount *mnt[], unsigned int num);
+int __init kthread_mntns(void);
extern int cifs_root_data(char **dev, char **opts);
--
2.47.3