From: Karel Zak
Date: Wed, 27 May 2026 10:21:02 +0000 (+0200)
Subject: libmount: use fd_target in hook_idmap for move_mount()
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8aa3af65b2b2a57bd40ecc47467d58d27cc9d3a7;p=thirdparty%2Futil-linux.git
libmount: use fd_target in hook_idmap for move_mount()
Use the pinned fd_target with MOVE_MOUNT_T_EMPTY_PATH for restricted users instead of string-based move_mount(). Re-open the target fd after mount to point to the mounted filesystem root.
Signed-off-by: Karel Zak
---
diff --git a/libmount/src/hook_idmap.c b/libmount/src/hook_idmap.c
index b62079527..88c04e14c 100644
--- a/libmount/src/hook_idmap.c
+++ b/libmount/src/hook_idmap.c
@@ -352,10 +352,25 @@ static int hook_mount_post(
 /* Attach the idmapped mount. */
 if (is_private) {
+ unsigned int mmflags = MOVE_MOUNT_F_EMPTY_PATH;
+ /* Unmount the old, non-idmapped mount we just cloned and idmapped. */
 umount2(target, MNT_DETACH);
- rc = move_mount(fd_tree, "", -1, target, MOVE_MOUNT_F_EMPTY_PATH);
+ if (mnt_context_target_fd_required(cxt)) {
+ int fd_tgt = mnt_context_get_target_fd(cxt);
+
+ if (fd_tgt < 0) {
+ rc = -errno;
+ goto done;
+ }
+ mmflags |= MOVE_MOUNT_T_EMPTY_PATH;
+ rc = move_mount(fd_tree, "", fd_tgt, "", mmflags);
+ } else
+ rc = move_mount(fd_tree, "", AT_FDCWD, target, mmflags);
+
+ if (rc == 0)
+ rc = mnt_context_reopen_target_fd(cxt);
 if (rc < 0) {
 mnt_context_syscall_save_status(cxt, "move_mount", 0);
 if (!mnt_context_read_mesgs(cxt, fd_tree)) {
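Review bot: In the `mnt_context_target_fd_required(cxt)` branch, `umount2(target, MNT_DETACH)` has already detached the old mount before `mnt_context_get_target_fd(cxt)` is checked, so the `fd_tgt < 0` exit can leave the target with neither the original nor the idmapped mount attached, unless the `done:` path (outside this hunk) recovers from that. Fetching and validating the fd first, i.e. moving `int fd_tgt = mnt_context_get_target_fd(cxt);` and its check above the `umount2()` call, would make that failure free of side effects. The detach itself still resolves the `target` string and its return value is ignored, so for restricted users the path is looked up again even though the attach now goes through the pinned fd; a short comment stating why that is acceptable, or a check of the `umount2()` result, would help. `rc = -errno` also assumes the getter sets errno; if it returns a negative error code instead (not visible here), `rc = fd_tgt;` avoids returning 0 from a stale errno. A failure of `mnt_context_reopen_target_fd(cxt)` is currently recorded under the `"move_mount"` label by `mnt_context_syscall_save_status()`, which may mislead whoever reads the error later.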