From: Christian Brauner <brauner@kernel.org>
To: Gabriel Sakash <gabrielsakash@gmail.com>
Cc: linux-fsdevel@vger.kernel.org
Subject: Re: Faulty interaction between open_tree_clone and OPEN_TREE_NAMESPACE?
Date: Tue, 12 May 2026 15:26:25 +0200 [thread overview]
Message-ID: <20260512-albern-reitschule-18489fc9c55d@brauner> (raw)
In-Reply-To: <CA+PzELx7nhdo9XAJ7v3mb3hzK2LLTv6OOCHNdfnKJojX1ijoaQ@mail.gmail.com>
On Thu, Apr 30, 2026 at 12:33:47AM -0400, Gabriel Sakash wrote:
> Hello.
>
> Christian Brauner, I have CC'd you since you're the author of
> https://lore.kernel.org/all/20251229-work-empty-namespace-v1-0-
> bfb24c7b061f@kernel.org/.
>
> Due to Arch Linux updating the kernel to 7.0.2 today, I have been able to test
> the new OPEN_TREE_NAMESPACE open_tree flag on my main workstation.
> However, I have found that it and open_tree_attr do not work together.
>
> At the end is the C program I used to test the following.
> I expect that the output is something like:
> TARGET SOURCE FSTYPE OPTIONS PROPAGATION
> / /dev/nvme0n1p2[/@] btrfs <options> private
> But I get:
> open_tree_attr /: Operation not permitted
>
> Using "plain" open_tree works as expected. I have narrowed down 3 issues:
>
> 1:
> fs/namespace.c:5196 => wants_mount_setattr(...) to check if the attribute
> changes are sound.
> fs/namespace.c:5101 => may_mount() to check if the permission are met
>
> may_mount is:
> return ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN);
>
> Because this is from open_tree_attr, the process has not entered the new mount
> namespace yet. This will check if the process has CAP_SYS_ADMIN in the init
> user namespace, which it won't.
>
> 2:
> fs/namespace.c:5198 => do_mount_setattr(&file->f_path, ...)
> fs/namespace.c:5198 => path_mounted(path)
>
> This attempts to make the mount attribute changes on the path of the namespace
> "file", and not to the (root) mount in the new mount namespace. It will fail on
> path_mounted because the namespace "file" won't be the root of the NS FS.
>
> 3:
> fs/namespace.c:4952 => !anon_ns_root(mnt) && !check_mnt(mnt)
>
> This checks if the mount is anonymous (it won't be), and if not,that
> it's in the same
> mount namespace as the process (also false).
> It appears that the current mount attribute calls aren't set up to handle
> mount namespaces different from that of the current process.
>
> This issue is still prevalent when running a VM with a kernel built off of
> Linus's master branch. Apologies if this is already known about.
>
> Thank you for your time and good day.
Thank you for this bug report. It has all the details we need. This is a
missing feature for open_tree_attr() for sure and should have been
merged alongside the original implementation. Thanks for pointing that
out. I'll send a fix for this.
prev parent reply other threads:[~2026-05-12 13:26 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-30 4:33 Faulty interaction between open_tree_clone and OPEN_TREE_NAMESPACE? Gabriel Sakash
2026-05-12 13:26 ` Christian Brauner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260512-albern-reitschule-18489fc9c55d@brauner \
--to=brauner@kernel.org \
--cc=gabrielsakash@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox