Re: [PATCH 2/2] autofs: dont trigger mount if it cant succeed

From: Ian Kent
Date: Tue Nov 11 2025 - 03:33:51 EST


On 11/11/25 14:59, Al Viro wrote:
On Tue, Nov 11, 2025 at 02:04:39PM +0800, Ian Kent wrote:

diff --git a/fs/autofs/inode.c b/fs/autofs/inode.c
index f5c16ffba013..0a29761f39c0 100644
--- a/fs/autofs/inode.c
+++ b/fs/autofs/inode.c
@@ -251,6 +251,7 @@ static struct autofs_sb_info *autofs_alloc_sbi(void)
sbi->min_proto = AUTOFS_MIN_PROTO_VERSION;
sbi->max_proto = AUTOFS_MAX_PROTO_VERSION;
sbi->pipefd = -1;
+ sbi->owner = current->nsproxy->mnt_ns;
set_autofs_type_indirect(&sbi->type);
mutex_init(&sbi->wq_mutex);
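
Review bot: sbi->owner is assigned the raw current->nsproxy->mnt_ns pointer in autofs_alloc_sbi() with no reference taken, so nothing in this hunk keeps the namespace alive for as long as the sbi exists. If the namespace is released while the superblock is still around, the field is left dangling. Either pin the namespace for the lifetime of the sbi and drop it where the sbi is freed, or record something that stays meaningful after the namespace is gone, and add a comment on the field stating which lifetime rule applies.
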
diff --git a/fs/autofs/root.c b/fs/autofs/root.c
index 174c7205fee4..8cce86158f20 100644
--- a/fs/autofs/root.c
+++ b/fs/autofs/root.c
@@ -341,6 +341,14 @@ static struct vfsmount *autofs_d_automount(struct path *path)
if (autofs_oz_mode(sbi))
return NULL;
+ /* Refuse to trigger mount if current namespace is not the owner
+ * and the mount is propagation private.
+ */
+ if (sbi->owner != current->nsproxy->mnt_ns) {
+ if (vfsmount_to_propagation_flags(path->mnt) & MS_PRIVATE)
+ return ERR_PTR(-EPERM);
+ }
+
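
Review bot: the check `sbi->owner != current->nsproxy->mnt_ns` in autofs_d_automount() is a bare pointer comparison, so its result is only meaningful while the namespace recorded in sbi->owner still exists; if that memory has been freed and reused for another mount namespace, the pointers compare equal and the -EPERM return is skipped. The comparison needs a lifetime guarantee on sbi->owner before it can be relied on. Smaller points: the two nested ifs can be one condition joined with &&, and the block comment should open with `/*` on a line of its own, which is the preferred kernel multi-line comment style.
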
Huh? What's to guarantee that superblock won't outlive the namespace?

Not 30 minutes after I posted these I was thinking about the case of the daemon (that mounted this) going away, very loosely similar I think. Setting the mounting process's namespace when it mounts it is straightforward but what can I do if the process crashes ...

I did think that if the namespace is saved away by the process that mounts it that the mount namespace would be valid at least until it umounts it but yes there are a few things that can go wrong ...


Any ideas how I can identify this case?

Ian