mount: honour SB_NOUSER in the new mount API

One should *not* be allowed to mount one of those, new API or not.

Reported-by: Denis Arefev <arefev@swemel.ru>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Link: https://patch.msgid.link/20260602020444.GP2636677@ZenIV
Signed-off-by: Christian Brauner (Amutable) <brauner@kernel.org>

diff --git a/fs/namespace.c b/fs/namespace.c
index d67c2f61b3dfd2cd3f6d2129c8509b87e0da77e5..71ae1e9a1266383ce5fd7d80e890e11117dcb11d 100644 (file)
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -4498,6 +4498,10 @@ SYSCALL_DEFINE3(fsmount, int, fs_fd, unsigned int, flags,
        new_mnt = vfs_create_mount(fc);
        if (IS_ERR(new_mnt))
                return PTR_ERR(new_mnt);
+       if (new_mnt->mnt_sb->s_flags & SB_NOUSER) {
+               mntput(new_mnt);
+               return -EINVAL;
+       }
        new_mnt->mnt_flags = mnt_flags;
 
        new_path.dentry = dget(fc->root);