Hi Christian and Al, On Mon, Mar 23, 2026 at 11:12 PM Tetsuo Handa <[email protected]> wrote: [...] > diff --git a/fs/namespace.c b/fs/namespace.c > index ba5baccdde67..621b8205a0af 100644 > --- a/fs/namespace.c > +++ b/fs/namespace.c > @@ -3777,7 +3777,7 @@ static bool mount_too_revealing(const struct > super_block *sb, int *new_mnt_flags > * be added to the namespace tree. > */ > static int do_new_mount_fc(struct fs_context *fc, const struct path > *mountpoint, > - unsigned int mnt_flags) > + unsigned int mnt_flags, void *data, unsigned long > flags) > { > struct super_block *sb; > struct vfsmount *mnt __free(mntput) = fc_mount(fc); > @@ -3786,6 +3786,10 @@ static int do_new_mount_fc(struct fs_context *fc, > const struct path *mountpoint, > if (IS_ERR(mnt)) > return PTR_ERR(mnt); > > + error = security_mount_new(fc, mountpoint, mnt_flags, flags, data); > + if (error) > + return error; > + > sb = fc->root->d_sb; > error = security_sb_kern_mount(sb); > if (unlikely(error)) > @@ -3857,9 +3861,7 @@ static int do_new_mount(const struct path *path, const > char *fstype, > err = -EPERM; > > if (!err) > - err = security_mount_new(fc, path, mnt_flags, flags, data); > - if (!err) > - err = do_new_mount_fc(fc, path, mnt_flags); > + err = do_new_mount_fc(fc, path, mnt_flags, data, flags); > > put_fs_context(fc); > return err;
Could you please comment on Tetsuo's proposal here? The core change (moving security_mount_new after fc_mount) makes sense to me. However, it seems to require a lot of code to support this change. Given the current patchset addresses TOCTOU issues of bind mount, etc. Maybe we can land this set and address TOCTOU issue with new mount in follow-up patches? Thanks, Song
