Re: do_change_type(): refuse to operate on unmounted/not ours mounts

[Andrei Vagin]

On Thu, Jul 24, 2025 at 4:00 PM Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
>
> On Thu, Jul 24, 2025 at 01:02:48PM -0700, Andrei Vagin wrote:
> > Hi Al and Christian,
> >
> > The commit 12f147ddd6de ("do_change_type(): refuse to operate on
> > unmounted/not ours mounts") introduced an ABI backward compatibility
> > break. CRIU depends on the previous behavior, and users are now
> > reporting criu restore failures following the kernel update. This change
> > has been propagated to stable kernels. Is this check strictly required?
>
> Yes.
>
> > Would it be possible to check only if the current process has
> > CAP_SYS_ADMIN within the mount user namespace?
>
> Not enough, both in terms of permissions *and* in terms of "thou
> shalt not bugger the kernel data structures - nobody's priveleged
> enough for that".
>
> What the hell is CRIU trying to do there?

As usual, CRIU's doing some kind of ritualistic dance to restore a
container's state. In this specific scenario, it's about restoring a
mount tree across multiple mount namespaces. Fixing this
particular issue within CRIU isn't a big deal, the challenge is in
propagating this fix to all affected users. Given that the kernel change
has already been merged into stable branches, CRIU will stop
working for most users.

The criu fix is here:
https://github.com/checkpoint-restore/criu/pull/2695/commits/e91d74a27b723d4dd1f9aceb83601b1b8c2b50a7