---- On Sat, 09 Aug 2025 00:39:49 +0400 Aleksa Sarai <cyphar@xxxxxxxxxx> wrote --- > +The above procedure is functionally equivalent to > +the following mount operation using > +.BR mount (2): This is not true. fspick adds options to superblock. It doesn't remove existing ones. mount(MS_REMOUNT) replaces options. I. e. mount(2) call provided in example will unset all other options. In the end of this message you will find C code, which proves this. Also, recently I sent patch to mount(2) manpage, which clarifies MS_REMOUNT | MS_BIND behavior. This is somewhat related. The patch comes with another reproducer. Here is a link: https://lore.kernel.org/linux-man/20250822114315.1571537-1-safinaskar@xxxxxxxxxxxx/ -- Askar Safin https://types.pl/@safinaskar // You need to be root (non-initial user namespace will go) #define _GNU_SOURCE #include <stdio.h> #include <stdlib.h> #include <stdbool.h> #include <string.h> #include <unistd.h> #include <fcntl.h> #include <sched.h> #include <errno.h> #include <sys/stat.h> #include <sys/mount.h> #include <sys/syscall.h> #include <sys/vfs.h> #include <sys/sysmacros.h> #include <sys/statvfs.h> #include <linux/openat2.h> #define MY_ASSERT(cond) do { \ if (!(cond)) { \ fprintf (stderr, "%d: %s: assertion failed\n", __LINE__, #cond); \ exit (1); \ } \ } while (0) int main (void) { // Init { MY_ASSERT (chdir ("/") == 0); MY_ASSERT (unshare (CLONE_NEWNS) == 0); MY_ASSERT (mount (NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL) == 0); MY_ASSERT (mount (NULL, "/tmp", "tmpfs", 0, NULL) == 0); } MY_ASSERT (mkdir ("/tmp/a", 0777) == 0); MY_ASSERT (mkdir ("/tmp/b", 0777) == 0); { MY_ASSERT (mount (NULL, "/tmp/a", "tmpfs", MS_SYNCHRONOUS, NULL) == 0); { struct statfs buf; memset (&buf, 0, sizeof buf); MY_ASSERT (statfs ("/tmp/a", &buf) == 0); MY_ASSERT (buf.f_flags & ST_SYNCHRONOUS); MY_ASSERT (!(buf.f_flags & ST_RDONLY)); } { int fsfd = fspick (AT_FDCWD, "/tmp/a", FSPICK_CLOEXEC); MY_ASSERT (fsfd >= 0); MY_ASSERT (fsconfig (fsfd, FSCONFIG_SET_FLAG, "ro", NULL, 0) == 0); MY_ASSERT (fsconfig (fsfd, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) == 0); MY_ASSERT (close (fsfd) == 0); } { struct statfs buf; memset (&buf, 0, sizeof buf); MY_ASSERT (statfs ("/tmp/a", &buf) == 0); MY_ASSERT (buf.f_flags & ST_SYNCHRONOUS); MY_ASSERT (buf.f_flags & ST_RDONLY); } MY_ASSERT (umount ("/tmp/a") == 0); } { MY_ASSERT (mount (NULL, "/tmp/a", "tmpfs", MS_SYNCHRONOUS, NULL) == 0); { struct statfs buf; memset (&buf, 0, sizeof buf); MY_ASSERT (statfs ("/tmp/a", &buf) == 0); MY_ASSERT (buf.f_flags & ST_SYNCHRONOUS); MY_ASSERT (!(buf.f_flags & ST_RDONLY)); } MY_ASSERT (mount (NULL, "/tmp/a", NULL, MS_REMOUNT | MS_RDONLY, NULL) == 0); { struct statfs buf; memset (&buf, 0, sizeof buf); MY_ASSERT (statfs ("/tmp/a", &buf) == 0); MY_ASSERT (!(buf.f_flags & ST_SYNCHRONOUS)); MY_ASSERT (buf.f_flags & ST_RDONLY); } MY_ASSERT (umount ("/tmp/a") == 0); } printf ("All tests passed\n"); exit (0); }
