On 2025/05/14 11:43, Al Viro wrote:
> On Wed, May 14, 2025 at 12:25:58AM +0000, KONDO KAZUMA(近藤 和真) wrote:
>
>> @@ -2482,17 +2482,13 @@ struct vfsmount *clone_private_mount(const struct path *path)
>> if (IS_MNT_UNBINDABLE(old_mnt))
>> return ERR_PTR(-EINVAL);
>>
>> - if (mnt_has_parent(old_mnt)) {
>> + if (!is_mounted(&old_mnt->mnt))
>> + return ERR_PTR(-EINVAL);
>> +
>> + if (mnt_has_parent(old_mnt) || !is_anon_ns(old_mnt->mnt_ns)) {
>> if (!check_mnt(old_mnt))
>> return ERR_PTR(-EINVAL);
>> } else {
>> - if (!is_mounted(&old_mnt->mnt))
>> - return ERR_PTR(-EINVAL);
>> -
>> - /* Make sure this isn't something purely kernel internal. */
>> - if (!is_anon_ns(old_mnt->mnt_ns))
>> - return ERR_PTR(-EINVAL);
>> -
>> /* Make sure we don't create mount namespace loops. */
>> if (!check_for_nsfs_mounts(old_mnt))
>> return ERR_PTR(-EINVAL);
>
> Not the right way to do that. What we want is
>
> /* ours are always fine */
> if (!check_mnt(old_mnt)) {
> /* they'd better be mounted _somewhere */
> if (!is_mounted(old_mnt))
> return -EINVAL;
> /* no other real namespaces; only anon */
> if (!is_anon_ns(old_mnt->mnt_ns))
> return -EINVAL;
> /* ... and root of that anon */
> if (mnt_has_parent(old_mnt))
> return -EINVAL;
> /* Make sure we don't create mount namespace loops. */
> if (!check_for_nsfs_mounts(old_mnt))
> return ERR_PTR(-EINVAL);
> }
Hello Al Viro,
Thank you for your comment.
That code can solve my problem, and it seems to be better!
So, I will revise my patch and resend it.
Thanks,
Kazuma Kondo
