From: Alexander Mikhalitsyn <alexander@mihalicyn.com>
To: ast@kernel.org
Cc: Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Eduard Zingerman <eddyz87@gmail.com>, Song Liu <song@kernel.org>,
Yonghong Song <yonghong.song@linux.dev>,
John Fastabend <john.fastabend@gmail.com>,
KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@fomichev.me>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>, Jeff Layton <jlayton@kernel.org>,
Christian Brauner <brauner@kernel.org>,
bpf@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org,
Alexander Mikhalitsyn <aleksandr.mikhalitsyn@futurfusion.io>
Subject: [PATCH] bpf: use FS_USERNS_DELEGATABLE for bpffs
Date: Thu, 5 Feb 2026 11:45:41 +0100
Message-ID: <20260205104541.171034-1-alexander@mihalicyn.com>
From: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@futurfusion.io>
Instead of FS_USERNS_MOUNT we should use the recently introduced
FS_USERNS_DELEGATABLE because it better expresses what we
really want here. The filesystem should not be allowed
to be mounted by an unprivileged user, but at the same time
we want sb->s_user_ns to point to the container's
user namespace, and the superblock can only
be created if the capable(CAP_SYS_ADMIN) check succeeds.
Tested and no regressions noticed.
No functional change intended.
Link: https://lore.kernel.org/linux-fsdevel/6dd181bf9f6371339a6c31f58f582a9aac3bc36a.camel@kernel.org [1]
Fixes: 6fe01d3cbb92 ("bpf: Add BPF token delegation mount options to BPF FS")
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Andrii Nakryiko <andrii@kernel.org>
Cc: Martin KaFai Lau <martin.lau@linux.dev>
Cc: Eduard Zingerman <eddyz87@gmail.com>
Cc: Song Liu <song@kernel.org>
Cc: Yonghong Song <yonghong.song@linux.dev>
Cc: John Fastabend <john.fastabend@gmail.com>
Cc: KP Singh <kpsingh@kernel.org>
Cc: Stanislav Fomichev <sdf@fomichev.me>
Cc: Hao Luo <haoluo@google.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Jeff Layton <jlayton@kernel.org>
Cc: Christian Brauner <brauner@kernel.org>
Cc: bpf@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@futurfusion.io>
- RWB-tag from Jeff [1]
Reviewed-by: Jeff Layton <jlayton@kernel.org>
---
kernel/bpf/inode.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c
index 9f866a010dad..d8dfdc846bd0 100644
--- a/kernel/bpf/inode.c
+++ b/kernel/bpf/inode.c
@@ -1009,10 +1009,6 @@ static int bpf_fill_super(struct super_block *sb, struct fs_context *fc)
struct inode *inode;
int ret;
- /* Mounting an instance of BPF FS requires privileges */
- if (fc->user_ns != &init_user_ns && !capable(CAP_SYS_ADMIN))
- return -EPERM;
-
ret = simple_fill_super(sb, BPF_FS_MAGIC, bpf_rfiles);
if (ret)
return ret;
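Review bot: dropping the capable(CAP_SYS_ADMIN) check from bpf_fill_super removes the only privilege enforcement visible in this file, and the hunk leaves no comment saying where that gate now lives. The commit message states that with FS_USERNS_DELEGATABLE the superblock can only be created after a successful capable(CAP_SYS_ADMIN) check, so the requirement is meant to move into the flag's handling rather than disappear; please keep a one-line comment in place of the deleted `/* Mounting an instance of BPF FS requires privileges */` that points at FS_USERNS_DELEGATABLE, so that someone later auditing the unprivileged-mount surface of bpffs does not read the missing check as a regression. The message also carries a `Fixes:` tag next to "No functional change intended"; spell out what misbehaviour the tag refers to.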
@@ -1085,7 +1081,7 @@ static struct file_system_type bpf_fs_type = {
.init_fs_context = bpf_init_fs_context,
.parameters = bpf_fs_parameters,
.kill_sb = bpf_kill_super,
- .fs_flags = FS_USERNS_MOUNT,
+ .fs_flags = FS_USERNS_DELEGATABLE,
};
static int __init bpf_init(void)
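Review bot: the `.fs_flags = FS_USERNS_DELEGATABLE` line is now the single place that carries the privilege requirement for mounting bpffs, and since the commit message calls the flag recently introduced while the `Fixes:` tag points at 6fe01d3cbb92, any tree that picks this up via the tag must already have the flag or kernel/bpf/inode.c will not build; add a note on which commit introduces FS_USERNS_DELEGATABLE (or a Depends-on:) so backporters do not treat this as a standalone cherry-pick. It would also help to state in the message that sb->s_user_ns is still set to the mounting container's user namespace under the new flag, since that is the property the message says the change is meant to preserve and the diff alone does not show it.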
--
2.47.3
Thread overview: 18+ messages
2026-02-05 10:45 Alexander Mikhalitsyn [this message]
2026-02-05 11:20 ` [PATCH] bpf: use FS_USERNS_DELEGATABLE for bpffs bot+bpf-ci
2026-02-05 11:27 ` Alexander Mikhalitsyn
2026-02-05 12:38 ` Daniel Borkmann
2026-02-05 12:49 ` Alexander Mikhalitsyn
2026-02-05 13:57 ` Alexander Mikhalitsyn
2026-02-05 16:43 ` Alexei Starovoitov
2026-02-05 17:17 ` Alexander Mikhalitsyn
2026-02-05 17:24 ` Alexei Starovoitov
2026-02-05 17:58 ` kernel test robot
2026-02-05 21:06 ` kernel test robot
2026-02-05 21:43 ` kernel test robot
2026-02-05 22:58 ` kernel test robot
2026-02-06 12:32 ` Christian Brauner
2026-02-06 12:42 ` Alexander Mikhalitsyn
2026-02-06 12:44 ` Alexander Mikhalitsyn
2026-02-09 11:11 ` Christian Brauner
2026-02-06 12:45 ` Jeff Layton