On Wed, 29 Nov 2023 at 10:53, Christian Brauner [off-list ref] wrote:

On Tue, 28 Nov 2023 17:03:31 +0100, Miklos Szeredi wrote:

quoted

This came out from me thinking about the best libc API.  It contains a few
changes that simplify and (I think) improve the interface.

Tree:

  git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git#vfs.mount

[...]

Afaict, all changes as discussed. Thanks. I folded the fixes into the
main commit. Links to the patches that were folded are in the commit
message and explained in there as well. The final commit is now rather
small and easy to read.

Looks good, thanks for folding the patches.

   * Remove explicit LISTMOUNT_UNREACHABLE flag (cf. [1]). That
     functionality can simply be made available by checking for required
     privileges. If the caller is sufficiently privileged then list mounts
     that can't be reached from the current root. If the caller isn't skip
     mounts that can't be reached from the current root. This also makes
     permission checking consistent with statmount() (cf. [3]).

Skipping mounts based on privileges was what the initial version did.
That inconsistency was the reason for introducing
LISTMOUNT_UNREACHABLE.  The final version doesn't skip mounts based on
privileges, either all submounts are listed or the request is rejected
with -EPERM.

For the case when some submounts are inside root and some are outside
useing LSMT_ROOT should be sufficient.  LSMT_ROOT won't fail due to
insufficient privileges, since by definition it lists only mounts that
are below root.

Thanks,
Miklos