On Tue, Feb 11, 2025 at 06:16:00PM +0100, Christian Brauner wrote: > There's no point in allowing anything kernel internal nor procfs or > sysfs. > + /* Exclude kernel kernel internal filesystems. */ > + if (file_inode(file)->i_sb->s_flags & (SB_NOUSER | SB_KERNMOUNT)) { > + kfree(acct); > + filp_close(file, NULL); > + return -EINVAL; > + } > + > + /* Exclude procfs and sysfs. */ > + if (file_inode(file)->i_sb->s_iflags & SB_I_USERNS_VISIBLE) { > + kfree(acct); > + filp_close(file, NULL); > + return -EINVAL; > + } That looks like a really weird way to test it, especially the second part...