git.ipfire.org Git - thirdparty/linux.git/commit

Merge tag 'vfs-7.0-rc1.namespace' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs

Pull vfs mount updates from Christian Brauner:

- statmount: accept fd as a parameter

   Extend struct mnt_id_req with a file descriptor field and a new
   STATMOUNT_BY_FD flag. When set, statmount() returns mount information
   for the mount the fd resides on — including detached mounts
   (unmounted via umount2(MNT_DETACH)).

   For detached mounts the STATMOUNT_MNT_POINT and STATMOUNT_MNT_NS_ID
   mask bits are cleared since neither is meaningful. The capability
   check is skipped for STATMOUNT_BY_FD since holding an fd already
   implies prior access to the mount and equivalent information is
   available through fstatfs() and /proc/pid/mountinfo without
   privilege. Includes comprehensive selftests covering both attached
   and detached mount cases.

- fs: Remove internal old mount API code (1 patch)

   Now that every in-tree filesystem has been converted to the new
   mount API, remove all the legacy shim code in fs_context.c that
   handled unconverted filesystems. This deletes ~280 lines including
   legacy_init_fs_context(), the legacy_fs_context struct, and
   associated wrappers. The mount(2) syscall path for userspace remains
   untouched. Documentation references to the legacy callbacks are
   cleaned up.

- mount: add OPEN_TREE_NAMESPACE to open_tree()

   Container runtimes currently use CLONE_NEWNS to copy the caller's
   entire mount namespace — only to then pivot_root() and recursively
   unmount everything they just copied. With large mount tables and
   thousands of parallel container launches this creates significant
   contention on the namespace semaphore.

   OPEN_TREE_NAMESPACE copies only the specified mount tree (like
   OPEN_TREE_CLONE) but returns a mount namespace fd instead of a
   detached mount fd. The new namespace contains the copied tree mounted
   on top of a clone of the real rootfs.

   This functions as a combined unshare(CLONE_NEWNS) + pivot_root() in a
   single syscall. Works with user namespaces: an unshare(CLONE_NEWUSER)
   followed by OPEN_TREE_NAMESPACE creates a mount namespace owned by
   the new user namespace. Mount namespace file mounts are excluded from
   the copy to prevent cycles. Includes ~1000 lines of selftests"

* tag 'vfs-7.0-rc1.namespace' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs:
  selftests/open_tree: add OPEN_TREE_NAMESPACE tests
  mount: add OPEN_TREE_NAMESPACE
  fs: Remove internal old mount API code
  selftests: statmount: tests for STATMOUNT_BY_FD
  statmount: accept fd as a parameter
  statmount: permission check should return EPERM

author	Linus Torvalds <torvalds@linux-foundation.org>
	Mon, 9 Feb 2026 22:43:47 +0000 (14:43 -0800)
committer	Linus Torvalds <torvalds@linux-foundation.org>
	Mon, 9 Feb 2026 22:43:47 +0000 (14:43 -0800)
commit	157d3d6efd5a58466d90be3a134f9667486fe6f9
tree	8058c46480391d19b0e6166d4b45172c5c7de567	tree
parent	8113b3998d5c96aca885b967e6aa47e428ebc632	commit \| diff
parent	1bce1a664ac25d37a327c433a01bc347f0a81bd6	commit \| diff

Documentation/filesystems/locking.rst	diff1 \|	diff2 \|	blob \| history
Documentation/filesystems/porting.rst	diff1 \|	diff2 \|	blob \| history
Documentation/filesystems/vfs.rst	diff1 \|	diff2 \|	blob \| history
fs/internal.h	diff1 \|	diff2 \|	blob \| history
fs/namespace.c	diff1 \|	diff2 \|	blob \| history
include/linux/fs.h	diff1 \|	diff2 \|	blob \| history
include/linux/fs/super_types.h	diff1 \|	diff2 \|	blob \| history