userns: Allow the userns root to mount tmpfs.

There is no backing store to tmpfs and file creation rules are the same as for any other filesystem so it is semantically safe to allow unprivileged users to mount it. ramfs is safe for the same reasons so allow either flavor of tmpfs to be mounted by a user namespace root user. The memory control group successfully limits how much memory tmpfs can consume on any system that cares about a user namespace root using tmpfs to exhaust memory the memory control group can be deployed. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2013-01-25 19:32:10 -0500
committer: Eric W. Biederman <ebiederm@xmission.com> 2013-01-27 01:23:05 -0500
commit: 2b8576cb09a7b1b581c253554bf9e05d3adce7d6 (patch)
tree: acba53f712c463a2bba3416145e705876a8d6c90 /mm/shmem.c
parent: b3c6761d9b5cc82deea7416d11c2118f6380e99c (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/mm/shmem.c b/mm/shmem.c
index 5c90d84c2b02..197ca5eccbae 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -2766,6 +2766,7 @@ static struct file_system_type shmem_fs_type = {
        .name           = "tmpfs",
        .mount          = shmem_mount,
        .kill_sb        = kill_litter_super,
+        .fs_flags       = FS_USERNS_MOUNT,
 };
 int __init shmem_init(void)
@@ -2823,6 +2824,7 @@ static struct file_system_type shmem_fs_type = {
        .name           = "tmpfs",
        .mount          = ramfs_mount,
        .kill_sb        = kill_litter_super,
+        .fs_flags       = FS_USERNS_MOUNT,
 };
 int __init shmem_init(void)
author	Eric W. Biederman <ebiederm@xmission.com>	2013-01-25 19:32:10 -0500
committer	Eric W. Biederman <ebiederm@xmission.com>	2013-01-27 01:23:05 -0500
commit	2b8576cb09a7b1b581c253554bf9e05d3adce7d6 (patch)
tree	acba53f712c463a2bba3416145e705876a8d6c90 /mm/shmem.c
parent	b3c6761d9b5cc82deea7416d11c2118f6380e99c (diff)