On Wed, Aug 13, 2025 at 07:56:01PM +0100, Al Viro wrote:
> @@ -3347,18 +3360,11 @@ static int do_set_group(struct path *from_path, struct path *to_path)
>
> namespace_lock();
>
> - err = -EINVAL;
> - /* To and From must be mounted */
> - if (!is_mounted(&from->mnt))
> - goto out;
> - if (!is_mounted(&to->mnt))
> - goto out;
> -
> - err = -EPERM;
> - /* We should be allowed to modify mount namespaces of both mounts */
> - if (!ns_capable(from->mnt_ns->user_ns, CAP_SYS_ADMIN))
> + err = may_change_propagation(from);
> + if (err)
> goto out;
> - if (!ns_capable(to->mnt_ns->user_ns, CAP_SYS_ADMIN))
> + err = may_change_propagation(from);

Just driving by, but I guess you mean "to" here. Tycho