On 2025-08-06, Al Viro [off-list ref] wrote:
On Wed, Aug 06, 2025 at 02:48:30PM +1000, Aleksa Sarai wrote:
quoted
error = security_sb_kern_mount(sb);
- if (!error && mount_too_revealing(sb, &mnt_flags))
+ if (!error && mount_too_revealing(sb, &mnt_flags)) {
error = -EPERM;
+ errorfcp(fc, "VFS", "Mount too revealing");
+ }
Hmm... For aesthetics sake, I'd probably do logging first; otherwise
fine by me.
Good point, I'll send a v2.
--
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
https://www.cyphar.com/