On Thu, May 24, 2018 at 11:45:06AM -0500, Eric W. Biederman wrote: > Christian Brauner <[email protected]> writes: > > > On Wed, May 23, 2018 at 06:25:36PM -0500, Eric W. Biederman wrote: > >> Superblock level remounts are currently restricted to global > >> CAP_SYS_ADMIN, as is the path for changing the root mount to > >> read only on umount. Loosen both of these permission checks to > >> also allow CAP_SYS_ADMIN in any namespace which is privileged > >> towards the userns which originally mounted the filesystem. > > > > Acked-by: Christian Brauner <[email protected]> > > > >> > >> Signed-off-by: Seth Forshee <[email protected]> > >> Acked-by: "Eric W. Biederman" <[email protected]> > >> Acked-by: Serge Hallyn <[email protected]> > > > > Note, I just talked to Serge. This should be Acked-by: Serge Hallyn > > <[email protected]> > > Now you know how long these patches have been sitting waiting to get > merged.
Indeed. :) Christian
