Re: do_change_type(): refuse to operate on unmounted/not ours mounts

13 Aug 2025


      On Wed, Aug 13, 2025 at 07:56:01PM +0100, Al Viro wrote:
...
@@ -3347,18 +3360,11 @@ static int do_set_group(struct path *from_path, struct path *to_path)
 
   namespace_lock();

err = -EINVAL;
/* To and From must be mounted */
if (!is_mounted(&from->mnt))
goto out;


if (!is_mounted(&to->mnt))
goto out;



err = -EPERM;
/* We should be allowed to modify mount namespaces of both mounts */
if (!ns_capable(from->mnt_ns->user_ns, CAP_SYS_ADMIN))


err = may_change_propagation(from);
if (err)
goto out;


if (!ns_capable(to->mnt_ns->user_ns, CAP_SYS_ADMIN))


err = may_change_propagation(from);

Just driving by, but I guess you mean "to" here.
Tycho

    