-rw-r--r-- | fs/fs_context.c | 5 | ||||
-rw-r--r-- | fs/internal.h | 2 | ||||
-rw-r--r-- | fs/super.c | 4 |
3 files changed, 7 insertions, 4 deletions
diff --git a/fs/fs_context.c b/fs/fs_context.c
index a47ccd5a4a78..746a5871959c 100644
--- a/fs/fs_context.c
+++ b/fs/fs_context.c
@@ -662,6 +662,11 @@ static int legacy_get_tree(struct fs_context *fc)
 struct super_block *sb;
 struct dentry *root;
+ if (!(fc->sb_flags & (SB_KERNMOUNT|SB_SUBMOUNT))) {
+ if (!mount_capable(fc->fs_type, current_user_ns()))
+ return -EPERM;
+ }
+
+ root = fc->fs_type->mount(fc->fs_type, fc->sb_flags, fc->source, ctx->legacy_data);
 if (IS_ERR(root))
diff --git a/fs/internal.h b/fs/internal.h
index 1ac2b8f6c621..65db901420af 100644
--- a/fs/internal.h
+++ b/fs/internal.h
@@ -18,6 +18,7 @@ struct path;
 struct mount;
 struct shrink_control;
 struct fs_context;
+struct user_namespace;
 /*
 * block_dev.c
@@ -113,6 +114,7 @@ extern struct file *alloc_empty_file_noaccount(int, const struct cred *);
 extern int reconfigure_super(struct fs_context *);
 extern bool trylock_super(struct super_block *sb);
 extern struct super_block *user_get_super(dev_t);
+extern bool mount_capable(struct file_system_type *, struct user_namespace *);
 /*
 * open.c
diff --git a/fs/super.c b/fs/super.c
index 6919f5c728f0..bdb03255c7ea 100644
--- a/fs/super.c
+++ b/fs/super.c
@@ -583,10 +583,6 @@ struct super_block *sget_userns(struct file_system_type *type,
 struct super_block *old;
 int err;
- if (!(flags & (SB_KERNMOUNT|SB_SUBMOUNT))) {
- if (!mount_capable(type, user_ns))
- return ERR_PTR(-EPERM);
- }
 retry:
 spin_lock(&sb_lock);
 if (test) {
|
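Review bot: The check added at the top of legacy_get_tree() in fs/fs_context.c tests `current_user_ns()`, whereas the check this commit removes from sget_userns() tested the `user_ns` argument supplied by its caller. The two are equivalent only if every legacy ->mount() path passed the mounting task's own namespace, which this diff does not show and is worth confirming in the commit message. The permission check also now guards only the legacy path, so any caller that reaches sget_userns() without going through legacy_get_tree() depends on a separate check that these hunks do not show. A comment above the new block would record that invariant, for example `/* Mount permission is checked here rather than in sget_userns(); any other path to sget_userns() must do its own check. */`. legacy_get_tree() begins before the hunk and continues past it.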