On Tue, Jun 10, 2025 at 3:26 PM Tingmao Wang <m@xxxxxxxxxx> wrote:
[..]
> >
> >                 if (!choose_mountpoint(real_mount(path->mnt), root, &p))
> >                         return false;
> >                 path_put(path);
> >                 *path = p;
> >                 ret = true;
> >         }
> >
> >         if (unlikely(IS_ROOT(path->dentry)))
> >                 return ret;
>
> Returning true here would be the wrong semantic right?  This whole thing
> is only possible when some mount shadows "/".  Say if you have a landlock
> rule on the old "/", but then we mount a new "/" and chroot into it (via
> "/.."), the landlock rule on the old "/" should not apply, but if we
> change *path and return true here then this will "expose" that old "/" to
> landlock.

Could you please provide more specific information about this case?

Thanks,
Song

> A quick suggestion although I haven't tested anything - maybe we should do
> a special case check for IS_ROOT inside the
> if (unlikely(path->dentry == path->mnt->mnt_root))
> ? Before "path_put(path);", if IS_ROOT(p.dentry) then we just path_get(p)
> and return false.
>
> >
> >         parent = dget_parent(path->dentry);
> >         dput(path->dentry);
> >         path->dentry = parent;
> >         return true;
> > }
> >
> > Thanks,
> > Song
>