3 files changed, 51 insertions, 0 deletions

diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
index f630951df8dc..5256ad333b05 100644
--- a/fs/fuse/fuse_i.h
+++ b/fs/fuse/fuse_i.h
@@ -985,6 +985,7 @@ ssize_t fuse_listxattr(struct dentry *entry, char *list, size_t size);
 int fuse_removexattr(struct inode *inode, const char *name);
 extern const struct xattr_handler *fuse_xattr_handlers[];
 extern const struct xattr_handler *fuse_acl_xattr_handlers[];
+extern const struct xattr_handler *fuse_no_acl_xattr_handlers[];
 
 struct posix_acl;
 struct posix_acl *fuse_get_acl(struct inode *inode, int type);
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 1643043d4fe5..22c76cf8c2e3 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -1100,6 +1100,13 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent)
             file->f_cred->user_ns != sb->s_user_ns)
                 goto err_fput;
 
+        /*
+         * If we are not in the initial user namespace posix
+         * acls must be translated.
+         */
+        if (sb->s_user_ns != &init_user_ns)
+                sb->s_xattr = fuse_no_acl_xattr_handlers;
+
         fc = kmalloc(sizeof(*fc), GFP_KERNEL);
         err = -ENOMEM;
         if (!fc)
diff --git a/fs/fuse/xattr.c b/fs/fuse/xattr.c
index 3caac46b08b0..433717640f78 100644
--- a/fs/fuse/xattr.c
+++ b/fs/fuse/xattr.c
@@ -192,6 +192,26 @@ static int fuse_xattr_set(const struct xattr_handler *handler,
         return fuse_setxattr(inode, name, value, size, flags);
 }
 
+static bool no_xattr_list(struct dentry *dentry)
+{
+        return false;
+}
+
+static int no_xattr_get(const struct xattr_handler *handler,
+                        struct dentry *dentry, struct inode *inode,
+                        const char *name, void *value, size_t size)
+{
+        return -EOPNOTSUPP;
+}
+
+static int no_xattr_set(const struct xattr_handler *handler,
+                        struct dentry *dentry, struct inode *nodee,
+                        const char *name, const void *value,
+                        size_t size, int flags)
+{
+        return -EOPNOTSUPP;
+}
+
 static const struct xattr_handler fuse_xattr_handler = {
         .prefix = "",
         .get    = fuse_xattr_get,
@@ -209,3 +229,26 @@ const struct xattr_handler *fuse_acl_xattr_handlers[] = {
         &fuse_xattr_handler,
         NULL
 };
+
+static const struct xattr_handler fuse_no_acl_access_xattr_handler = {
+        .name  = XATTR_NAME_POSIX_ACL_ACCESS,
+        .flags = ACL_TYPE_ACCESS,
+        .list  = no_xattr_list,
+        .get   = no_xattr_get,
+        .set   = no_xattr_set,
+};
+
+static const struct xattr_handler fuse_no_acl_default_xattr_handler = {
+        .name  = XATTR_NAME_POSIX_ACL_DEFAULT,
+        .flags = ACL_TYPE_ACCESS,
+        .list  = no_xattr_list,
+        .get   = no_xattr_get,
+        .set   = no_xattr_set,
+};
+
+const struct xattr_handler *fuse_no_acl_xattr_handlers[] = {
+        &fuse_no_acl_access_xattr_handler,
+        &fuse_no_acl_default_xattr_handler,
+        &fuse_xattr_handler,
+        NULL
+};