It makes little sense for fsmount() to output the warning message when
mount_too_revealing() is violated to kmsg. Instead, the warning should
be output (with a "VFS" prefix) to the fscontext log. In addition,
include the same log message for mount_too_revealing() when doing a
regular mount for consistency.

With the newest fsopen()-based mount(8) from util-linux, the error
messages now look like

  # mount -t proc proc /tmp
  mount: /tmp: fsmount() failed: VFS: Mount too revealing.
  dmesg(1) may have more information after failed mount system call.

which could finally result in mount_too_revealing() errors being easier
for users to detect and understand.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Link: https://lore.kernel.org/20250806-errorfc-mount-too-revealing-v2-2-534b9b4d45bb@cyphar.com
Signed-off-by: Christian Brauner <brauner@kernel.org>
int error;
error = security_sb_kern_mount(sb);
- if (!error && mount_too_revealing(sb, &mnt_flags))
+ if (!error && mount_too_revealing(sb, &mnt_flags)) {
+ errorfcp(fc, "VFS", "Mount too revealing");
error = -EPERM;
+ }
if (unlikely(error)) {
fc_drop_locked(fc);
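Review bot: in the regular mount path, the new errorfcp(fc, "VFS", "Mount too revealing") call logs to a context for which the mount(2) caller never holds an fd, and neither the commit message nor a comment says where the text ends up for such callers. Please state that in the commit message or in a short comment above the call, so that someone debugging an -EPERM from a plain mount(2) knows where to look for the reason.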
ret = -EPERM;
if (mount_too_revealing(fc->root->d_sb, &mnt_flags)) {
- pr_warn("VFS: Mount too revealing\n");
+ errorfcp(fc, "VFS", "Mount too revealing");
goto err_unlock;
}
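Review bot: the removed pr_warn("VFS: Mount too revealing\n") was the only kernel-log trace of this denial in this hunk, and after the change the message is visible only to whoever reads the fscontext log. The commit message should say explicitly that the kmsg line goes away here, since log monitoring or alerting that matches that string will stop firing for fsmount(). If losing that signal is not intended, keep a rate-limited kernel-log line alongside errorfcp().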