[Linux-cachefs] [PATCH v2] cachefiles: do not yet allow on idmapped mounts

[Christian Brauner]

Based on discussion with David Howells my understanding of cachefiles
and the cachefiles userspace daemon is that it creates a cache on a
local filesystem (e.g. ext4, xfs etc.) for a network filesystem. The way
this is done is by writing "bind" to /dev/cachefiles and pointing it to
the directory to use as the cache.
So from our offline discussion I gather that cachefilesd creates a cache
on a local filesystem (ext4, xfs etc.) for a network filesystem. The way
this is done is by writing "bind" to /dev/cachefiles and pointing it to
a directory to use as the cache.
Currently this directory can technically also be an idmapped mount but
cachefiles aren't yet fully aware of such mounts and thus don't take the
idmapping into account. This could leave users confused as the ownership
of the files wouldn't match to what they expressed in the idmapping. So
let's not allow this for now and only make cachefiles aware of idmapped
mounts after it's current rewrite/rework is done.

Link: https://lore.kernel.org/lkml/20210303161528.n3jzg66ou2wa43qb@wittgenstein
Cc: David Howells <dhowells at redhat.com>
Cc: linux-cachefs at redhat.com
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
/* v2 */
- Christian Brauner <christian.brauner at ubuntu.com>:
  - Ensure that "root" is initialized when cleaning up; reported by
    kbuild.
---
 fs/cachefiles/bind.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/fs/cachefiles/bind.c b/fs/cachefiles/bind.c
index dfb14dbddf51..aaa5cc445588 100644
--- a/fs/cachefiles/bind.c
+++ b/fs/cachefiles/bind.c
@@ -118,6 +118,10 @@ static int cachefiles_daemon_add_cache(struct cachefiles_cache *cache)
 	cache->mnt = path.mnt;
 	root = path.dentry;
 
+	ret = -EINVAL;
+	if (mnt_user_ns(path.mnt) != &init_user_ns)
+		goto error_unsupported;
+
 	/* check parameters */
 	ret = -EOPNOTSUPP;
 	if (d_is_negative(root) ||

base-commit: 1e28eed17697bcf343c6743f0028cc3b5dd88bf0
-- 
2.27.0