From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 19 Aug 2025 19:06:48 +0000 (+0200)
Subject: mountfsd: add recognizable error if we pass an fd with unexpected flags
X-Git-Tag: v259-rc1~512
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=86fd19af1461bf407938dc69d2d0d4b54ac2c059;p=thirdparty%2Fsystemd.git

mountfsd: add recognizable error if we pass an fd with unexpected flags
---

diff --git a/src/mountfsd/mountwork.c b/src/mountfsd/mountwork.c
index bfb8c05c22c..fb1d8ebcb48 100644
--- a/src/mountfsd/mountwork.c
+++ b/src/mountfsd/mountwork.c
@@ -771,6 +771,8 @@ static int vl_method_mount_directory(
                 return log_debug_errno(r, "Failed to get client UID: %m");
 
         DirectoryOwnership owned_by = validate_directory_fd(directory_fd, peer_uid);
+        if (owned_by == -EREMOTEIO)
+                return sd_varlink_errorbo(link, "io.systemd.MountFileSystem.BadFileDescriptorFlags", SD_JSON_BUILD_PAIR_STRING("parameter", "directoryFileDescriptor"));
         if (owned_by < 0)
                 return owned_by;
 
diff --git a/src/shared/varlink-io.systemd.MountFileSystem.c b/src/shared/varlink-io.systemd.MountFileSystem.c
index e8bfe717114..01978f9eb25 100644
--- a/src/shared/varlink-io.systemd.MountFileSystem.c
+++ b/src/shared/varlink-io.systemd.MountFileSystem.c
@@ -115,6 +115,9 @@ static SD_VARLINK_DEFINE_ERROR(RootPartitionNotFound);
 static SD_VARLINK_DEFINE_ERROR(DeniedByImagePolicy);
 static SD_VARLINK_DEFINE_ERROR(KeyNotFound);
 static SD_VARLINK_DEFINE_ERROR(VerityFailure);
+static SD_VARLINK_DEFINE_ERROR(BadFileDescriptorFlags,
+                               SD_VARLINK_FIELD_COMMENT("Name of the parameter referencing the file descriptor with one or more bad flag."),
+                               SD_VARLINK_DEFINE_FIELD(parameter, SD_VARLINK_STRING, 0));
 
 SD_VARLINK_DEFINE_INTERFACE(
                 io_systemd_MountFileSystem,
@@ -143,4 +146,6 @@ SD_VARLINK_DEFINE_INTERFACE(
                 SD_VARLINK_SYMBOL_COMMENT("The authentication key for this image is not available."),
                 &vl_error_KeyNotFound,
                 SD_VARLINK_SYMBOL_COMMENT("Verity could not be set up."),
-                &vl_error_VerityFailure);
+                &vl_error_VerityFailure,
+                SD_VARLINK_SYMBOL_COMMENT("A passed file descriptor has unexpected/forbidden flags set."),
+                &vl_error_BadFileDescriptorFlags);