On Wed, Aug 13, 2025 at 01:09:27PM -0600, Tycho Andersen wrote: > On Wed, Aug 13, 2025 at 07:56:01PM +0100, Al Viro wrote: > > @@ -3347,18 +3360,11 @@ static int do_set_group(struct path *from_path, struct path *to_path) > > > > namespace_lock(); > > > > - err = -EINVAL; > > - /* To and From must be mounted */ > > - if (!is_mounted(&from->mnt)) > > - goto out; > > - if (!is_mounted(&to->mnt)) > > - goto out; > > - > > - err = -EPERM; > > - /* We should be allowed to modify mount namespaces of both mounts */ > > - if (!ns_capable(from->mnt_ns->user_ns, CAP_SYS_ADMIN)) > > + err = may_change_propagation(from); > > + if (err) > > goto out; > > - if (!ns_capable(to->mnt_ns->user_ns, CAP_SYS_ADMIN)) > > + err = may_change_propagation(from); > > Just driving by, but I guess you mean "to" here. D'oh... Yes, of course. Fun question: would our selftests have caught that? [checks] move_mount_set_group_test.c doesn't have anything in that area, nothing in LTP or xfstests either, AFAICS... And I don't see anything in https://github.com/checkpoint-restore/criu either - there are uses of MOVE_MOUNT_SET_GROUP, but they are well-buried and I don't see anything in their tests that would even try to poke into that thing... Before we go and try to cobble something up, does anybody know of a place where regression tests for MOVE_MOUNT_SET_GROUP could be picked from?
