On Tue, 16 Jun 2026 at 17:20, Jimmy Zuber <[email protected]> wrote: > +/* > + * A server can stall syncfs()/sync(), so only honor FUSE_HAS_SYNCFS for > + * mounts owned by the initial user namespace, i.e. set up with host > + * privilege (like virtiofs and fuseblk). > + */ > +static bool fuse_syncfs_enable(struct fuse_conn *fc, u64 flags) > +{ > + return (flags & FUSE_HAS_SYNCFS) && fc->user_ns == &init_user_ns; > +}
Sounds really easy to trick: start the server in the initial user ns, then clone the mounter with a new user/mount namespace. The init_user_ns test will pass happily, since the server is running in the initial namespace. Thanks, Miklos
