On Sat, Nov 29, 2025 at 1:15 AM Bhavik Sachdev b.sachdev1904@gmail.com wrote:
Extend `struct mnt_id_req` to take in a fd and introduce STATMOUNT_BY_FD flag. When a valid fd is provided and STATMOUNT_BY_FD is set, statmount will return mountinfo about the mount the fd is on.
This even works for "unmounted" mounts (mounts that have been umounted using umount2(mnt, MNT_DETACH)), if you have access to a file descriptor on that mount. These "umounted" mounts will have no mountpoint and no valid mount namespace. Hence, we unset the STATMOUNT_MNT_POINT and STATMOUNT_MNT_NS_ID in statmount.mask for "unmounted" mounts.
In case of STATMOUNT_BY_FD, given that we already have access to an fd on the mount, accessing mount information without a capability check seems fine because of the following reasons:
- All fs related information is available via fstatfs() without any capability check.
- Mount information is also available via /proc/pid/mountinfo (without any capability check).
- Given that we have access to a fd on the mount which tells us that we had access to the mount at some point (or someone that had access gave us the fd). So, we should be able to access mount info.
Acked-by: Andrei Vagin avagin@gmail.com
Co-developed-by: Pavel Tikhomirov ptikhomirov@virtuozzo.com Signed-off-by: Pavel Tikhomirov ptikhomirov@virtuozzo.com Signed-off-by: Bhavik Sachdev b.sachdev1904@gmail.com
fs/namespace.c | 102 ++++++++++++++++++++++++------------- include/uapi/linux/mount.h | 10 +++- 2 files changed, 76 insertions(+), 36 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c index ee36d67f1ac2..73ffa1fbdad7 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -5563,31 +5563,49 @@ static int grab_requested_root(struct mnt_namespace *ns, struct path *root)
/* locks: namespace_shared */ static int do_statmount(struct kstatmount *s, u64 mnt_id, u64 mnt_ns_id,
struct mnt_namespace *ns)
struct file *mnt_file, struct mnt_namespace *ns)
no spaces at the start of a line, code indent should use tabs.
./scripts/checkpatch.pl can help to avoid this sort of typos.
Thanks, Andrei