summaryrefslogtreecommitdiff
path: root/include/linux/fs
diff options
context:
space:
mode:
authorChristian Brauner <brauner@kernel.org>2026-04-27 17:51:43 +0200
committerChristian Brauner <brauner@kernel.org>2026-05-11 23:13:02 +0200
commita76640171b29fc91b9777a8e1bdc7e08db697275 (patch)
tree50e38a655a8848ecac252f096d8111819f521733 /include/linux/fs
parente75c21d5ad82def93bc77e9aa41c2212964a8d2f (diff)
parentc5dffafb426f927db1630140552dc11d6f76e1a6 (diff)
Merge patch series "proc: subset=pid: Relax check of mount visibility"
Alexey Gladkov <legion@kernel.org> says: When mounting procfs with the subset=pids option, all static files become unavailable and only the dynamic part with information about pids is accessible. In this case, there is no point in imposing additional restrictions on the visibility of the entire filesystem for the mounter. Everything that can be hidden in procfs is already inaccessible. Currently, these restrictions prevent procfs from being mounted inside rootless containers, as almost all container implementations override part of procfs to hide certain directories. Relaxing these restrictions will allow pidfs to be used in nested containerization. * patches from https://patch.msgid.link/cover.1777278334.git.legion@kernel.org: docs: proc: add documentation about mount restrictions proc: handle subset=pid separately in userns visibility checks proc: prevent reconfiguring subset=pid proc: subset=pid: Show /proc/self/net only for CAP_NET_ADMIN sysfs: remove trivial sysfs_get_tree() wrapper fs: move SB_I_USERNS_VISIBLE to FS_USERNS_MOUNT_RESTRICTED namespace: record fully visible mounts in list Link: https://patch.msgid.link/cover.1777278334.git.legion@kernel.org Signed-off-by: Christian Brauner <brauner@kernel.org>
Diffstat (limited to 'include/linux/fs')
-rw-r--r--include/linux/fs/super_types.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/include/linux/fs/super_types.h b/include/linux/fs/super_types.h
index 383050e7fdf5..a6cdc8f6de4e 100644
--- a/include/linux/fs/super_types.h
+++ b/include/linux/fs/super_types.h
@@ -326,7 +326,7 @@ struct super_block {
#define SB_I_STABLE_WRITES 0x00000008 /* don't modify blks until WB is done */
/* sb->s_iflags to limit user namespace mounts */
-#define SB_I_USERNS_VISIBLE 0x00000010 /* fstype already mounted */
+#define SB_I_RESTRICTED_VARIANT 0x00000010
#define SB_I_IMA_UNVERIFIABLE_SIGNATURE 0x00000020
#define SB_I_UNTRUSTED_MOUNTER 0x00000040
#define SB_I_EVM_HMAC_UNSUPPORTED 0x00000080