From: Karel Zak Date: Wed, 27 May 2026 09:12:17 +0000 (+0200) Subject: libmount: ignore X-mount.nocanonicalize for restricted users X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d07aad41e323fd36a1504809d1f9b89c0504f76c;p=thirdparty%2Futil-linux.git libmount: ignore X-mount.nocanonicalize for restricted users Paths must always be canonicalized in restricted (non-root) mode to ensure safe target resolution before fd pinning. Signed-off-by: Karel Zak --- diff --git a/libmount/src/context.c b/libmount/src/context.c index cfd5cd3db..1865513c3 100644 --- a/libmount/src/context.c +++ b/libmount/src/context.c @@ -571,6 +571,9 @@ int mnt_context_is_xnocanonicalize( assert(cxt); assert(type); + if (mnt_context_is_restricted(cxt)) + return 0; + ol = mnt_context_get_optlist(cxt); if (!ol) return 0; diff --git a/sys-utils/mount.8.adoc b/sys-utils/mount.8.adoc index 44eb97f38..48461b07b 100644 --- a/sys-utils/mount.8.adoc +++ b/sys-utils/mount.8.adoc @@ -794,7 +794,7 @@ Allows disabling of canonicalization for mount source and target paths. By defau + The command-line option *--no-canonicalize* overrides this mount option and affects all path and tag conversions in all situations, but for backward compatibility, it does not modify *open_tree*(2) syscall flags and does not allow the bind-mount over a symbolic link use case. + -Note that *mount*(8) still sanitizes and canonicalizes the source and target paths specified on the command line by unprivileged users, regardless of the X-mount.nocanonicalize setting. +Note that *mount*(8) ignores this option for unprivileged (non-root) users. Paths are always canonicalized in restricted mode to ensure safe target resolution. *X-mount.noloop*:: Do not create and mount a loop device, even if the source of the mount is a regular file.
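Review bot: the new early return in the libmount/src/context.c hunk, placed between `assert(type);` and the `mnt_context_get_optlist(cxt)` lookup, carries no comment, so the reason a restricted context always reports 0 exists only in the commit message. A one-line comment above `if (mnt_context_is_restricted(cxt))` saying that restricted mode must always canonicalize so the target is resolved safely before fd pinning would keep that rationale next to the code. The check also runs before `type` is looked at, so it applies to every type a caller passes; if that is intended, the comment should say so. Because the option is now dropped without any diagnostic, consider a debug message on this path so that a non-root user who set X-mount.nocanonicalize can see why it had no effect.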
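Review bot: in the sys-utils/mount.8.adoc hunk, the replacement sentence says "ignores this option" directly after a paragraph about the command-line option *--no-canonicalize*, so "this option" can be read as referring to either one. The removed sentence named X-mount.nocanonicalize explicitly; keeping the name, for example "ignores X-mount.nocanonicalize for unprivileged (non-root) users", removes the ambiguity. The new text also uses "unprivileged (non-root) users" and "restricted mode" side by side without saying they are the same condition. It would also help to state that the option is ignored silently rather than rejected, since that is what the `return 0` in the code hunk does.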