Mount volumes as super user

This used to be the case, but regressed after a recent change. Also made a few fixes around it and clean up the code a bit. Closes #720 PiperOrigin-RevId: 265717496
author: Fabricio Voznika <fvoznika@google.com> 2019-08-27 10:46:06 -0700
committer: gVisor bot <gvisor-bot@google.com> 2019-08-27 10:47:16 -0700
commit: c39564332bdd5030b9031ed3b1a428464fea670e (patch)
tree: 3f0f8b8a9b160d24470c4d85f43f4876e139cb9d /pkg
parent: b4cdaef4a1d545867d8e34036c5ed3175e55079d (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/pkg/sentry/fs/mounts.go b/pkg/sentry/fs/mounts.go
index 9b713e785..ac0398bd9 100644
--- a/pkg/sentry/fs/mounts.go
+++ b/pkg/sentry/fs/mounts.go
@@ -171,8 +171,6 @@ type MountNamespace struct {
 // NewMountNamespace returns a new MountNamespace, with the provided node at the
 // root, and the given cache size. A root must always be provided.
 func NewMountNamespace(ctx context.Context, root *Inode) (*MountNamespace, error) {
-	creds := auth.CredentialsFromContext(ctx)
-
 	// Set the root dirent and id on the root mount. The reference returned from
 	// NewDirent will be donated to the MountNamespace constructed below.
 	d := NewDirent(ctx, root, "/")
@@ -181,6 +179,7 @@ func NewMountNamespace(ctx context.Context, root *Inode) (*MountNamespace, error
 		d: newRootMount(1, d),
 	}
 
+	creds := auth.CredentialsFromContext(ctx)
 	mns := MountNamespace{
 		userns:  creds.UserNamespace,
 		root:    d,
author	Fabricio Voznika <fvoznika@google.com>	2019-08-27 10:46:06 -0700
committer	gVisor bot <gvisor-bot@google.com>	2019-08-27 10:47:16 -0700
commit	c39564332bdd5030b9031ed3b1a428464fea670e (patch)
tree	3f0f8b8a9b160d24470c4d85f43f4876e139cb9d /pkg
parent	b4cdaef4a1d545867d8e34036c5ed3175e55079d (diff)