nsfs: raise SB_I_NODEV and SB_I_NOEXEC

There's zero need for nsfs to allow device nodes or execution.

Link: https://patch.msgid.link/20251029-work-namespace-nstree-listns-v4-5-2e6f823ebdc0@kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>

diff --git a/fs/nsfs.c b/fs/nsfs.c
index c1661feaccf0f31ce4ad2495b758adafac2a2b9c..8b53fd361177473e7f1661fe24f628602fda653d 100644 (file)
--- a/fs/nsfs.c
+++ b/fs/nsfs.c
@@ -591,6 +591,7 @@ static int nsfs_init_fs_context(struct fs_context *fc)
        struct pseudo_fs_context *ctx = init_pseudo(fc, NSFS_MAGIC);
        if (!ctx)
                return -ENOMEM;
+       fc->s_iflags |= SB_I_NOEXEC | SB_I_NODEV;
        ctx->s_d_flags |= DCACHE_DONTCACHE;
        ctx->ops = &nsfs_ops;
        ctx->eops = &nsfs_export_operations;