Re: [PATCH 2/2] autofs: dont trigger mount if it cant succeed

From: Al Viro
Date: Tue Nov 11 2025 - 02:11:08 EST


On Tue, Nov 11, 2025 at 02:04:39PM +0800, Ian Kent wrote:

> diff --git a/fs/autofs/inode.c b/fs/autofs/inode.c
> index f5c16ffba013..0a29761f39c0 100644
> --- a/fs/autofs/inode.c
> +++ b/fs/autofs/inode.c
> @@ -251,6 +251,7 @@ static struct autofs_sb_info *autofs_alloc_sbi(void)
> sbi->min_proto = AUTOFS_MIN_PROTO_VERSION;
> sbi->max_proto = AUTOFS_MAX_PROTO_VERSION;
> sbi->pipefd = -1;
> + sbi->owner = current->nsproxy->mnt_ns;
>
> set_autofs_type_indirect(&sbi->type);
> mutex_init(&sbi->wq_mutex);
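
Review bot: The added `sbi->owner = current->nsproxy->mnt_ns;` in autofs_alloc_sbi() stores a raw pointer to the mount namespace, and nothing in this hunk takes a reference on it. Nothing visible here ties the namespace's lifetime to that of the sbi, so the field can be left dangling once the namespace goes away. Either hold a reference for as long as the sbi exists and drop it where the sbi is freed, or record a stable identifier for the namespace instead of its address. A one-line comment on what `owner` means, and which task's namespace is captured at allocation time, would help as well.
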
> diff --git a/fs/autofs/root.c b/fs/autofs/root.c
> index 174c7205fee4..8cce86158f20 100644
> --- a/fs/autofs/root.c
> +++ b/fs/autofs/root.c
> @@ -341,6 +341,14 @@ static struct vfsmount *autofs_d_automount(struct path *path)
> if (autofs_oz_mode(sbi))
> return NULL;
>
> + /* Refuse to trigger mount if current namespace is not the owner
> + * and the mount is propagation private.
> + */
> + if (sbi->owner != current->nsproxy->mnt_ns) {
> + if (vfsmount_to_propagation_flags(path->mnt) & MS_PRIVATE)
> + return ERR_PTR(-EPERM);
> + }
> +
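
Review bot: The test `sbi->owner != current->nsproxy->mnt_ns` in autofs_d_automount() compares against a pointer that the other hunk stores without a reference, so it is only meaningful while the owning namespace is still alive. If that namespace has been freed and its address reused, an unrelated namespace can compare equal and skip the -EPERM path. The check should compare something whose lifetime is guaranteed, such as a referenced namespace or a stable identifier. Two smaller points: the two nested `if` statements can be combined into one condition with `&&`, and the block comment should open with `/*` on its own line and say why a mount triggered from a non-owner namespace cannot succeed on a private mount.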

Huh? What's to guarantee that superblock won't outlive the namespace?

That looks seriously bogus.