On Wed, May 14, 2025 at 12:25:58AM +0000, KONDO KAZUMA(近藤 和真) wrote:
> @@ -2482,17 +2482,13 @@ struct vfsmount *clone_private_mount(const struct path *path)
> if (IS_MNT_UNBINDABLE(old_mnt))
> return ERR_PTR(-EINVAL);
>
> - if (mnt_has_parent(old_mnt)) {
> + if (!is_mounted(&old_mnt->mnt))
> + return ERR_PTR(-EINVAL);
> +
> + if (mnt_has_parent(old_mnt) || !is_anon_ns(old_mnt->mnt_ns)) {
> if (!check_mnt(old_mnt))
> return ERR_PTR(-EINVAL);
> } else {
> - if (!is_mounted(&old_mnt->mnt))
> - return ERR_PTR(-EINVAL);
> -
> - /* Make sure this isn't something purely kernel internal. */
> - if (!is_anon_ns(old_mnt->mnt_ns))
> - return ERR_PTR(-EINVAL);
> -
> /* Make sure we don't create mount namespace loops. */
> if (!check_for_nsfs_mounts(old_mnt))
> return ERR_PTR(-EINVAL);
Not the right way to do that. What we want is /* ours are always fine */ if (!check_mnt(old_mnt)) { /* they'd better be mounted _somewhere */ if (!is_mounted(old_mnt)) return -EINVAL; /* no other real namespaces; only anon */ if (!is_anon_ns(old_mnt->mnt_ns)) return -EINVAL; /* ... and root of that anon */ if (mnt_has_parent(old_mnt)) return -EINVAL; /* Make sure we don't create mount namespace loops. */ if (!check_for_nsfs_mounts(old_mnt)) return ERR_PTR(-EINVAL); }
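Review bot: The added condition `mnt_has_parent(old_mnt) || !is_anon_ns(old_mnt->mnt_ns)` has no comment, and the hunk deletes the only one that explained the anonymous-namespace test ("Make sure this isn't something purely kernel internal."). These tests decide which mounts may be cloned, so the rule should be stated above the `if`, for example `/* Only the root of an anonymous namespace may skip check_mnt(); everything else must pass it. */`. The hoisted `is_mounted()` test also deserves a short comment if it is meant to run before `old_mnt->mnt_ns` is inspected, since that ordering is easy to lose in a later edit. The body of clone_private_mount starts and ends outside the hunk, so the permission checks made before this point are not visible here.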