linux/include/uapi/linux
Christian Brauner 576ee5dfd4 fs: add immutable rootfs
Currently pivot_root() doesn't work on the real rootfs because it
cannot be unmounted. Userspace has to do a recursive removal of the
initramfs contents manually before continuing the boot.

Really all we want from the real rootfs is to serve as the parent mount
for anything that is actually useful such as the tmpfs or ramfs for
initramfs unpacking or the rootfs itself. There's no need for the real
rootfs to actually be anything meaningful or useful. Add an immutable
rootfs called "nullfs" that can be selected via the "nullfs_rootfs"
kernel command line option.

The kernel will mount a tmpfs/ramfs on top of it, unpack the initramfs
and fire up userspace which mounts the rootfs and can then just do:

  chdir(rootfs);
  pivot_root(".", ".");
  umount2(".", MNT_DETACH);

and be done with it. (Ofc, userspace can also choose to retain the
initramfs contents by using something like pivot_root(".", "/initramfs")
without unmounting it.)

Technically this also means that the rootfs mount in unprivileged
namespaces doesn't need to become MNT_LOCKED anymore as it's guaranteed
that the immutable rootfs remains permanently empty so there cannot be
anything revealed by unmounting the covering mount.

In the future this will also allow us to create completely empty mount
namespaces without the risk of leaking anything.

systemd already handles this all correctly as it tries to pivot_root()
first and falls back to MS_MOVE only when that fails.

This goes back to various discussions in previous years and an LPC 2024
presentation about this very topic.

Link: https://patch.msgid.link/20260112-work-immutable-rootfs-v2-3-88dd1c34a204@kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>
2026-01-12 16:52:09 +01:00
..
android tools: ynl-gen: add regeneration comment 2025-11-25 19:20:42 -08:00
byteorder
caif
can can: netlink: add PWM netlink interface 2025-11-26 11:20:43 +01:00
cifs
counter
dvb
genwqe
hdlc
hsi
iio
io_uring io_uring/query: introduce rings info query 2025-11-13 11:17:36 -07:00
isdn
media media: uapi: c3-isp: Fix documentation warning 2025-12-03 10:07:37 +01:00
misc
mmc
netfilter netfilter: nf_tables: improve UAPI kernel-doc comments 2025-11-28 00:07:19 +00:00
netfilter_arp
netfilter_bridge
netfilter_ipv4
netfilter_ipv6 netfilter: ip6t_srh: fix UAPI kernel-doc comments format 2025-11-28 00:07:19 +00:00
nfsd
raid md: allow configuring logical block size 2025-11-11 11:20:15 +08:00
sched
spi
sunrpc
surface_aggregator
tc_act
tc_ematch
usb uapi: cdc.h: cleanly provide for more interfaces and countries 2025-11-21 15:12:12 +01:00
a.out.h
acct.h
acrn.h virt: acrn: split acrn_mmio_dev_res out of acrn_mmiodev 2025-11-26 15:09:24 +01:00
adb.h
adfs_fs.h
affs_hardblocks.h
agpgart.h
aio_abi.h
am437x-vpfe.h
amt.h
apm_bios.h
arcfb.h
arm_sdei.h
aspeed-lpc-ctrl.h
aspeed-p2a-ctrl.h
aspeed-video.h
atalk.h
atm.h
atm_eni.h
atm_he.h
atm_idt77105.h
atm_nicstar.h
atm_tcp.h
atm_zatm.h
atmapi.h
atmarp.h
atmbr2684.h
atmclip.h
atmdev.h
atmioc.h
atmlec.h
atmmpc.h
atmppp.h
atmsap.h
atmsvc.h
audit.h
auto_dev-ioctl.h
auto_fs.h
auto_fs4.h
auxvec.h
ax25.h
batadv_packet.h
batman_adv.h
baycom.h
bcm933xx_hcs.h
bfs_fs.h
binfmts.h
bits.h
blk-crypto.h
blkdev.h
blkpg.h
blktrace_api.h blktrace: add support for REQ_OP_WRITE_ZEROES tracing 2025-11-03 08:30:56 -07:00
blkzoned.h block: introduce BLKREPORTZONESV2 ioctl 2025-11-05 08:07:21 -07:00
bpf.h Networking changes for 6.19. 2025-12-03 17:24:33 -08:00
bpf_common.h
bpf_perf_event.h
bpqether.h
bsg.h
bt-bmc.h
btf.h
btrfs.h btrfs: implement shutdown ioctl 2025-11-24 21:56:17 +01:00
btrfs_tree.h
cachefiles.h
can.h
capability.h
capi.h
cciss_defs.h
cciss_ioctl.h
ccs.h
cdrom.h
cec-funcs.h
cec.h
cfm_bridge.h
cgroupstats.h
chio.h
close_range.h
cn_proc.h
coda.h
coff.h
comedi.h
connector.h
const.h
coredump.h
coresight-stm.h
counter.h
cramfs_fs.h
cryptouser.h
cuda.h
cxl_mem.h
cyclades.h
cycx_cfm.h
dcbnl.h
dccp.h
devlink.h devlink: support default values for param-get and param-set 2025-11-20 19:01:22 -08:00
dlm.h
dlm_device.h
dlm_plock.h
dlmconstants.h
dm-ioctl.h
dm-log-userspace.h
dma-buf.h
dma-heap.h
dns_resolver.h
dpll.h tools: ynl-gen: add regeneration comment 2025-11-25 19:20:42 -08:00
dqblk_xfs.h
dw100.h
edd.h
efs_fs_sb.h
elf-em.h
elf-fdpic.h
elf.h
energy_model.h PM: EM: Add em.yaml and autogen files 2025-10-22 21:44:37 +02:00
errno.h
errqueue.h
erspan.h
ethtool.h net: ethtool: Add support for 1600Gbps speed 2025-11-20 18:21:29 -08:00
ethtool_netlink.h
ethtool_netlink_generated.h tools: ynl-gen: add regeneration comment 2025-11-25 19:20:42 -08:00
eventfd.h
eventpoll.h
exfat.h
ext4.h
f2fs.h
fadvise.h
falloc.h
fanotify.h
fb.h video: fb: Fix typo in comment in fb.h 2025-10-28 22:59:19 +01:00
fcntl.h vfs: use UAPI types for new struct delegation definition 2025-12-05 13:57:39 +01:00
fd.h
fdreg.h
fib_rules.h
fiemap.h
filter.h
firewire-cdev.h
firewire-constants.h
fou.h tools: ynl-gen: add regeneration comment 2025-11-25 19:20:42 -08:00
fpga-dfl.h
fs.h block: introduce BLKREPORTZONESV2 ioctl 2025-11-05 08:07:21 -07:00
fscrypt.h
fsi.h
fsl_hypervisor.h
fsl_mc.h
fsmap.h
fsverity.h
fuse.h
futex.h
gameport.h
gen_stats.h
genetlink.h
gfs2_ondisk.h
gpib.h staging: gpib: Destage gpib 2025-11-24 17:52:11 +01:00
gpib_ioctl.h staging: gpib: Destage gpib 2025-11-24 17:52:11 +01:00
gpio.h
gsmmux.h
gtp.h
handshake.h tools: ynl-gen: add regeneration comment 2025-11-25 19:20:42 -08:00
hash_info.h
hdlc.h
hdlcdrv.h
hdreg.h
hid.h
hiddev.h
hidraw.h
hpet.h
hsr_netlink.h
hw_breakpoint.h
hyperv.h
i2c-dev.h
i2c.h i2c: i2c.h: fix a bad kernel-doc line 2025-11-29 21:39:58 +09:00
i2o-dev.h
i8k.h
icmp.h
icmpv6.h
idxd.h
if.h
if_addr.h
if_addrlabel.h
if_alg.h
if_arcnet.h
if_arp.h
if_bonding.h
if_bridge.h
if_eql.h
if_ether.h if_ether.h: Clarify ethertype validity for gsw1xx dsa 2025-11-27 17:46:54 -08:00
if_fc.h
if_fddi.h
if_hippi.h
if_infiniband.h
if_link.h
if_ltalk.h
if_macsec.h
if_packet.h
if_phonet.h
if_plip.h
if_ppp.h
if_pppol2tp.h
if_pppox.h
if_slip.h
if_team.h tools: ynl-gen: add regeneration comment 2025-11-25 19:20:42 -08:00
if_tun.h
if_tunnel.h
if_vlan.h
if_x25.h
if_xdp.h
ife.h
igmp.h
ila.h
in.h
in6.h
in_route.h
inet_diag.h
inotify.h
input-event-codes.h Input: rename INPUT_PROP_HAPTIC_TOUCHPAD to INPUT_PROP_PRESSUREPAD 2025-11-17 23:18:32 -08:00
input.h
io_uring.h io_uring: Introduce getsockname io_uring cmd 2025-11-26 13:45:23 -07:00
ioam6.h
ioam6_genl.h
ioam6_iptunnel.h
ioctl.h
iommufd.h iommu/arm-smmu-v3-iommufd: Allow attaching nested domain for GBPA cases 2025-11-26 14:04:04 -04:00
ioprio.h
ip.h
ip6_tunnel.h
ip_vs.h
ipc.h
ipmi.h
ipmi_bmc.h
ipmi_msgdefs.h
ipmi_ssif_bmc.h
ipsec.h
ipv6.h
ipv6_route.h
irqnr.h
iso_fs.h
isst_if.h platform/x86: ISST: isst_if.h: fix all kernel-doc warnings 2025-11-06 14:19:20 +02:00
ivtv.h
ivtvfb.h
jffs2.h
joystick.h
kcm.h
kcmp.h
kcov.h
kd.h
kdev_t.h
kernel-page-flags.h
kernel.h
kernelcapi.h
kexec.h
keyboard.h
keyctl.h
kfd_ioctl.h drm/amdkfd: Fix two comments in kfd_ioctl.h 2025-10-07 14:09:19 -04:00
kfd_sysfs.h
kvm.h - SCA rework 2025-12-02 18:58:47 +01:00
kvm_para.h
l2tp.h
landlock.h
libc-compat.h
limits.h
lirc.h
liveupdate.h liveupdate: luo_session: add ioctls for file preservation 2025-11-27 14:24:39 -08:00
llc.h
loadpin.h
lockd_netlink.h tools: ynl-gen: add regeneration comment 2025-11-25 19:20:42 -08:00
loop.h
lp.h
lsm.h
lwtunnel.h
magic.h fs: add immutable rootfs 2026-01-12 16:52:09 +01:00
major.h
map_benchmark.h tools/dma: move dma_map_benchmark from selftests to tools/dma 2025-10-29 09:41:40 +01:00
map_to_7segment.h
map_to_14segment.h
matroxfb.h
max2175.h
mctp.h
mdio.h net: pcs: xpcs: Fix PMA identifier handling in XPCS 2025-11-27 10:41:31 +01:00
media-bus-format.h media: uapi: Add 20-bit bayer formats 2025-11-14 15:48:49 +01:00
media.h
mei.h
mei_uuid.h
membarrier.h
memfd.h
mempolicy.h
mii.h
minix_fs.h
mman.h
mmtimer.h
module.h
mount.h fs/namespace: correctly handle errors returned by grab_requested_mnt_ns 2025-11-12 10:42:49 +01:00
mpls.h
mpls_iptunnel.h
mptcp.h mptcp: pm: in-kernel: record fullmesh endp nb 2025-11-04 17:15:06 -08:00
mptcp_pm.h tools: ynl-gen: add regeneration comment 2025-11-25 19:20:42 -08:00
mqueue.h
mroute.h
mroute6.h
mrp_bridge.h
msdos_fs.h
msg.h
mshv.h Drivers: hv: Introduce mshv_vtl driver 2025-12-05 23:16:26 +00:00
mtio.h
nbd-netlink.h
nbd.h
ncsi.h
ndctl.h
neighbour.h
net.h
net_dropmon.h
net_namespace.h
net_shaper.h tools: ynl-gen: add regeneration comment 2025-11-25 19:20:42 -08:00
net_tstamp.h
netconf.h
netdev.h tools: ynl-gen: add regeneration comment 2025-11-25 19:20:42 -08:00
netdevice.h
netfilter.h
netfilter_arp.h
netfilter_bridge.h
netfilter_ipv4.h
netfilter_ipv6.h
netlink.h
netlink_diag.h
netrom.h
nexthop.h
nfc.h
nfs.h
nfs2.h
nfs3.h
nfs4.h
nfs4_mount.h
nfs_fs.h
nfs_idmap.h
nfs_mount.h
nfsacl.h
nfsd_netlink.h tools: ynl-gen: add regeneration comment 2025-11-25 19:20:42 -08:00
nilfs2_api.h
nilfs2_ondisk.h
nitro_enclaves.h
nl80211-vnd-intel.h wifi: nl80211: vendor-cmd: intel: fix a blank kernel-doc line warning 2025-11-25 10:34:55 +01:00
nl80211.h
npcm-video.h
nsfs.h nstree: add listns() 2025-11-03 17:41:18 +01:00
nsm.h
ntsync.h
nubus.h
nvme_ioctl.h
nvram.h
omap3isp.h
omapfb.h
oom.h
openat2.h
openvswitch.h
ovpn.h tools: ynl-gen: add regeneration comment 2025-11-25 19:20:42 -08:00
packet_diag.h
papr_pdsm.h
param.h
parport.h
patchkey.h
pci.h
pci_regs.h PCI: Add PCIe Device 3 Extended Capability enumeration 2025-11-03 19:27:41 -08:00
pcitest.h
perf_event.h arm64 updates for 6.19: 2025-12-02 17:03:55 -08:00
personality.h
pfkeyv2.h
pfrut.h
pg.h
phantom.h
phonet.h
pidfd.h pidfs: expose coredump signal 2025-10-30 14:25:14 +01:00
pkt_cls.h
pkt_sched.h
pktcdvd.h
pmu.h
poll.h
posix_acl.h
posix_acl_xattr.h
posix_types.h
ppdev.h
ppp-comp.h
ppp-ioctl.h
ppp_defs.h
pps.h
pps_gen.h
pr.h block: add IOC_PR_READ_RESERVATION ioctl 2025-12-04 07:19:26 -07:00
prctl.h
psample.h
psci.h
psp-dbc.h
psp-sev.h psp-sev: Assign numbers to all status codes and add new 2025-12-02 12:06:38 -08:00
psp-sfs.h
psp.h tools: ynl-gen: add regeneration comment 2025-11-25 19:20:42 -08:00
ptp_clock.h
ptrace.h
pwm.h
qemu_fw_cfg.h
qnx4_fs.h
qnxtypes.h
qrtr.h
quota.h
radeonfb.h
random.h
rds.h
reboot.h
remoteproc_cdev.h
resource.h
rfkill.h
rio_cm_cdev.h
rio_mport_cdev.h
rkisp1-config.h media: uapi: Convert RkISP1 to V4L2 extensible params 2025-11-14 15:48:48 +01:00
romfs_fs.h
rose.h
route.h
rpl.h
rpl_iptunnel.h
rpmsg.h
rpmsg_types.h
rseq.h rseq: Simplify the event notification 2025-11-04 08:30:09 +01:00
rtc.h
rtnetlink.h
rxrpc.h
scc.h
sched.h
scif_ioctl.h
screen_info.h
sctp.h
seccomp.h
securebits.h
sed-opal.h
seg6.h
seg6_genl.h
seg6_hmac.h
seg6_iptunnel.h
seg6_local.h
selinux_netlink.h
sem.h
serial.h
serial_core.h
serial_reg.h
serio.h
sev-guest.h
shm.h
signal.h
signalfd.h
smc.h
smc_diag.h
smiapp.h
snmp.h
sock_diag.h
socket.h
sockios.h
sonet.h
sonypi.h
sound.h
soundcard.h
stat.h
stddef.h
stm.h
string.h
suspend_ioctls.h
swab.h
switchtec_ioctl.h
sync_file.h
synclink.h
sysctl.h
sysinfo.h
target_core_user.h
taskstats.h
tcp.h
tcp_metrics.h
tdx-guest.h
tee.h tee: <uapi/linux/tee.h: fix all kernel-doc issues 2025-11-10 09:47:54 +01:00
termios.h
thermal.h
thp7312.h
time.h
time_types.h
timerfd.h
times.h
timex.h
tiocl.h
tipc.h
tipc_config.h
tipc_netlink.h
tipc_sockets_diag.h
tls.h net/tls: support setting the maximum payload size 2025-10-27 16:13:42 -07:00
toshiba.h
tps6594_pfsm.h
trace_mmap.h
tty.h
tty_flags.h
types.h
ublk_cmd.h
udf_fs_i.h
udmabuf.h
udp.h
uhid.h
uinput.h
uio.h
uleds.h
ultrasound.h
um_timetravel.h
un.h
unistd.h
unix_diag.h
usbdevice_fs.h
usbip.h
user_events.h
userfaultfd.h
userio.h
utime.h
utsname.h
uuid.h
uvcvideo.h
v4l2-common.h
v4l2-controls.h media: uapi: Add controls for Mali-C55 ISP 2025-11-14 15:48:49 +01:00
v4l2-dv-timings.h
v4l2-mediabus.h
v4l2-subdev.h
vbox_err.h
vbox_vmmdev_types.h
vboxguest.h
vdpa.h
vduse.h
vesa.h
veth.h
vfio.h vfio/pci: Add dma-buf export support for MMIO regions 2025-11-20 21:12:19 -07:00
vfio_ccw.h
vfio_zdev.h
vhost.h
vhost_types.h
videodev2.h media: mali-c55: Add image formats for Mali-C55 parameters buffer 2025-11-14 15:48:49 +01:00
virtio_9p.h
virtio_balloon.h
virtio_blk.h
virtio_bt.h
virtio_config.h
virtio_console.h
virtio_crypto.h
virtio_fs.h
virtio_gpio.h
virtio_gpu.h
virtio_i2c.h
virtio_ids.h
virtio_input.h
virtio_iommu.h
virtio_mem.h
virtio_mmio.h
virtio_net.h virtio_net: fix alignment for virtio_net_hdr_v1_hash 2025-11-04 17:14:07 -08:00
virtio_pci.h virtio_pci: drop kernel.h 2025-11-30 18:02:43 -05:00
virtio_pcidev.h
virtio_pmem.h
virtio_ring.h
virtio_rng.h
virtio_rtc.h
virtio_scmi.h
virtio_scsi.h
virtio_snd.h
virtio_spi.h
virtio_types.h
virtio_vsock.h
vm_sockets.h
vm_sockets_diag.h
vmclock-abi.h
vmcore.h vmcoreinfo: track and log recoverable hardware errors 2025-11-27 14:24:44 -08:00
vsockmon.h
vt.h
vtpm_proxy.h
wait.h
watch_queue.h
watchdog.h
wireguard.h wireguard: uapi: generate header with ynl-gen 2025-12-02 04:12:49 +01:00
wireless.h
wmi.h
wwan.h
x25.h
xattr.h
xdp_diag.h
xfrm.h
xilinx-v4l2-controls.h
zorro.h
zorro_ids.h