Paths must always be canonicalized in restricted (non-root) mode to
ensure safe target resolution before fd pinning.
Signed-off-by: Karel Zak <kzak@redhat.com>
assert(cxt);
assert(type);
+ if (mnt_context_is_restricted(cxt))
+ return 0;
+
ol = mnt_context_get_optlist(cxt);
if (!ol)
return 0;
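Review bot: The new early return for mnt_context_is_restricted(cxt) sits ahead of mnt_context_get_optlist() with no comment and no debug output, and it returns the same 0 as the existing "no optlist" path. A reader of this function cannot tell that the option is being deliberately ignored for non-root callers, and neither can someone tracing a mount. Add a one-line comment above the check stating that the setting is ignored in restricted mode so paths are always canonicalized, and consider a debug message on that path. Since type is asserted as non-NULL, also confirm that whatever the caller reads through it is in a defined state when the function returns here, as it must already be for the !ol return.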
+
The command-line option *--no-canonicalize* overrides this mount option and affects all path and tag conversions in all situations, but for backward compatibility, it does not modify *open_tree*(2) syscall flags and does not allow the bind-mount over a symbolic link use case.
+
-Note that *mount*(8) still sanitizes and canonicalizes the source and target paths specified on the command line by unprivileged users, regardless of the X-mount.nocanonicalize setting.
+Note that *mount*(8) ignores this option for unprivileged (non-root) users. Paths are always canonicalized in restricted mode to ensure safe target resolution.
*X-mount.noloop*::
Do not create and mount a loop device, even if the source of the mount is a regular file.
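Review bot: The replacement "Note that" sentence now reads awkwardly against the unchanged paragraph just above it, which still says *--no-canonicalize* "affects all path and tag conversions in all situations". With the new text stating that paths are always canonicalized in restricted mode, the page should say explicitly whether the command-line option is also ignored for unprivileged users, or the "in all situations" wording should be qualified. The removed sentence also named "the source and target paths specified on the command line", while the new one says only "Paths"; keeping "source and target paths" would preserve that precision.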