On Wed, Nov 29, 2023 at 11:22:03AM +0100, Miklos Szeredi wrote: > On Wed, 29 Nov 2023 at 10:53, Christian Brauner <brauner@xxxxxxxxxx> wrote: > > > > On Tue, 28 Nov 2023 17:03:31 +0100, Miklos Szeredi wrote: > > > This came out from me thinking about the best libc API. It contains a few > > > changes that simplify and (I think) improve the interface. > > > > > > Tree: > > > > > > git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git#vfs.mount > > > > > > [...] > > > > Afaict, all changes as discussed. Thanks. I folded the fixes into the > > main commit. Links to the patches that were folded are in the commit > > message and explained in there as well. The final commit is now rather > > small and easy to read. > > Looks good, thanks for folding the patches. > > > * Remove explicit LISTMOUNT_UNREACHABLE flag (cf. [1]). That > > functionality can simply be made available by checking for required > > privileges. If the caller is sufficiently privileged then list mounts > > that can't be reached from the current root. If the caller isn't skip > > mounts that can't be reached from the current root. This also makes > > permission checking consistent with statmount() (cf. [3]). > > Skipping mounts based on privileges was what the initial version did. > That inconsistency was the reason for introducing > LISTMOUNT_UNREACHABLE. The final version doesn't skip mounts based on > privileges, either all submounts are listed or the request is rejected > with -EPERM. Yeah, I phrased that badly. What I meant to convey is that mounts not reachable from the current root are not reported as in skipped in the loop. I've simplified this down to: * Remove explicit LISTMOUNT_UNREACHABLE flag (cf. [1]) and fail if mount is unreachable from current root. This also makes permission checking consistent with statmount() (cf. [3]).
