On Thu, 14 Sept 2023 at 22:40, Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > On Wed, Sep 13, 2023 at 11:23 AM Miklos Szeredi <mszeredi@xxxxxxxxxx> wrote: > ... > > > +static int do_statmnt(struct stmt_state *s) > > +{ > > + struct statmnt *sm = &s->sm; > > + struct mount *m = real_mount(s->mnt); > > + > > + if (!capable(CAP_SYS_ADMIN) && > > + !is_path_reachable(m, m->mnt.mnt_root, &s->root)) > > + return -EPERM; > > I realize statmnt() is different from fstatfs(), but from an access > control perspective they look a lot alike to me which is why I think > we should probably have a security_sb_statfs() call here. Same thing > for the listmnt() syscall in patch 3/3. Okay, makes sense. Thanks, Miklos
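Review bot: in do_statmnt(), the permission test calls capable(CAP_SYS_ADMIN) before is_path_reachable(), so an unprivileged caller whose mount is reachable still goes through the capability check first, and an LSM may log a capability denial for a request that is then allowed. Testing !is_path_reachable(m, m->mnt.mnt_root, &s->root) first and !capable(CAP_SYS_ADMIN) second gives the same result and consults the capability only when it decides the outcome. The lines shown also contain no LSM hook after this test; the security_sb_statfs() call discussed in this thread takes a dentry, and m->mnt.mnt_root is already at hand here, so its return value can be propagated the same way as the -EPERM.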