git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Christian Brauner <brauner@kernel.org>
	Thu, 22 Jan 2026 10:48:48 +0000 (11:48 +0100)
committer	Christian Brauner <brauner@kernel.org>
	Thu, 12 Mar 2026 12:33:54 +0000 (13:33 +0100)
commit	5e8969bd192712419aae511dd5ba26855c2c78db
tree	9551ed385b8c050ff68cfd931277fe96eda48bf8	tree \| snapshot
parent	ad4a3599e58d5ac0caa3f576c48a4b62f38d400d	commit \| diff

mount: add FSMOUNT_NAMESPACE

Add FSMOUNT_NAMESPACE flag to fsmount() that creates a new mount
namespace with the newly created filesystem attached to a copy of the
real rootfs. This returns a namespace file descriptor instead of an
O_PATH mount fd, similar to how OPEN_TREE_NAMESPACE works for open_tree().

This allows creating a new filesystem and immediately placing it in a
new mount namespace in a single operation, which is useful for container
runtimes and other namespace-based isolation mechanisms.

The rootfs mount is created before copying the real rootfs for the new
namespace meaning that the mount namespace id for the mount of the root
of the namespace is bigger than the child mounted on top of it. We've
never explicitly given the guarantee for such ordering and I doubt
anyone relies on it. Accepting that lets us avoid copying the mount
again and also avoids having to massage may_copy_tree() to grant an
exception for fsmount->mnt->mnt_ns being NULL.

Link: https://patch.msgid.link/20260122-work-fsmount-namespace-v1-3-5ef0a886e646@kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>

fs/namespace.c		diff \| blob \| blame \| history
include/uapi/linux/mount.h		diff \| blob \| blame \| history