7

Is it possible to mount an Overlayfs filesystem as an unprivileged user in a user namespace in Linux kernels >4.3.3; it seems that the fix to this vulnerability has blocked this functionality entirely.

When I create a new user namespace with clone(), passing the CLONE_NEWNS flag and attempt to invoke mount with an overlayfs filesystem, I'm given permission denied. I can mount any other filesystem though.

Is there a way to work around this/am I missing something?

200_success
Josh Hebert

1 Answer

0

It was not allowed to mount overlayfs within unprivileged user namespace up until and including kernel version v5.10. Not sure but if you can try a bind mount of the overlayfs into the user namespace.

Starting with kernel 5.11 however, the appropriate support has been added and you can now finally use them.

Kusalananda
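To make the answer concrete, here is an added probe program (my own example, not code from either poster) that does what the question describes: it creates a user and mount namespace with `unshare(CLONE_NEWUSER | CLONE_NEWNS)`, maps the caller to root inside it, and then attempts an overlayfs mount. It also checks the running kernel's release string against the 5.11 threshold stated in the answer, so you can see whether an EPERM is expected. Assumptions: Linux with glibc, `/proc` mounted, and the scratch directories under `/tmp/ovl-probe` are constructed for the demo. On kernels older than 5.11, or on systems where unprivileged user namespaces are disabled, the namespace or mount step fails and the program reports which one.

```c
// Added example: probe whether this kernel lets an unprivileged user mount
// overlayfs inside a user namespace. Not code from the question or answer.
// Assumes Linux/glibc; the /tmp/ovl-probe paths are constructed for the demo.
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/utsname.h>
#include <unistd.h>

/* Parse "major.minor" from a uname release string such as "5.10.0-8-amd64". */
static int parse_kernel_version(const char *release, int *major, int *minor)
{
    return sscanf(release, "%d.%d", major, minor) == 2 ? 0 : -1;
}

/* Unprivileged overlayfs in a user namespace arrived in 5.11 (per the answer).
 * Returns 1 if release >= 5.11, 0 if older, -1 if the string cannot be parsed. */
int kernel_supports_unpriv_overlay(const char *release)
{
    int major, minor;
    if (parse_kernel_version(release, &major, &minor) != 0)
        return -1;
    if (major > 5) return 1;
    if (major == 5 && minor >= 11) return 1;
    return 0;
}

/* Write one line into a /proc/self/{setgroups,uid_map,gid_map} style file. */
static int write_idmap(const char *path, const char *content)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t n = write(fd, content, strlen(content));
    int saved = errno;
    close(fd);
    errno = saved;
    return n == (ssize_t)strlen(content) ? 0 : -1;
}

/* Enter new user+mount namespaces, map ourselves to root, then try the overlay
 * mount. Returns 0 on success, otherwise -errno from the step that failed. */
int probe_unpriv_overlay_mount(const char *base)
{
    uid_t uid = getuid();
    gid_t gid = getgid();
    char lower[256], upper[256], work[256], merged[256], map[64], opts[1024];

    snprintf(lower, sizeof lower, "%s/lower", base);
    snprintf(upper, sizeof upper, "%s/upper", base);
    snprintf(work, sizeof work, "%s/work", base);
    snprintf(merged, sizeof merged, "%s/merged", base);
    /* Directories are created before unshare(), so they are owned by our real uid,
     * which the id map below presents as root inside the namespace. */
    mkdir(base, 0700); mkdir(lower, 0700); mkdir(upper, 0700);
    mkdir(work, 0700); mkdir(merged, 0700);

    if (unshare(CLONE_NEWUSER | CLONE_NEWNS) != 0)
        return -errno;
    /* setgroups must be denied before an unprivileged process may write gid_map. */
    if (write_idmap("/proc/self/setgroups", "deny") != 0)
        return -errno;
    snprintf(map, sizeof map, "0 %u 1", (unsigned)uid);
    if (write_idmap("/proc/self/uid_map", map) != 0)
        return -errno;
    snprintf(map, sizeof map, "0 %u 1", (unsigned)gid);
    if (write_idmap("/proc/self/gid_map", map) != 0)
        return -errno;

    snprintf(opts, sizeof opts, "lowerdir=%s,upperdir=%s,workdir=%s", lower, upper, work);
    if (mount("overlay", merged, "overlay", 0, opts) != 0)
        return -errno;              /* EPERM here is the symptom from the question */
    umount2(merged, MNT_DETACH);    /* clean up; the mount dies with the namespace anyway */
    return 0;
}

int main(void)
{
    struct utsname u;
    if (uname(&u) != 0) { perror("uname"); return 1; }
    printf("kernel %s: unprivileged overlayfs expected to be %s\n", u.release,
           kernel_supports_unpriv_overlay(u.release) == 1 ? "supported" : "unsupported");
    int rc = probe_unpriv_overlay_mount("/tmp/ovl-probe");
    if (rc == 0)
        printf("overlay mount in user namespace: OK\n");
    else
        printf("overlay mount in user namespace: failed: %s\n", strerror(-rc));
    return 0;
}
```

Build with `gcc -o ovl-probe ovl-probe.c` and run it as a normal user. If `unshare()` itself fails, the system does not permit unprivileged user namespaces at all (a distro sysctl, not the overlayfs change); if only the `mount()` fails with EPERM, you are seeing the pre-5.11 behaviour the answer describes.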