Unverified Commit fccbe38a authored Nov 29, 2025 by Bhavik Sachdev Committed by Christian Brauner Dec 15, 2025

statmount: permission check should return EPERM



Currently, statmount() returns ENOENT when caller is not CAP_SYS_ADMIN
in the user namespace owner of target mount namespace. This should be
EPERM instead.

Suggested-by: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: Bhavik Sachdev <b.sachdev1904@gmail.com>
Link: https://patch.msgid.link/20251129091455.757724-2-b.sachdev1904@gmail.com


Signed-off-by: Christian Brauner <brauner@kernel.org>

parent 8f0b4cce

fs/namespace.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -5780,7 +5780,7 @@ SYSCALL_DEFINE4(statmount, const struct mnt_id_req __user *, req,

		if (kreq.mnt_ns_id && (ns != current->nsproxy->mnt_ns) &&
		!ns_capable_noaudit(ns->user_ns, CAP_SYS_ADMIN))
		return -ENOENT;
		return -EPERM;

		ks = kmalloc(sizeof(*ks), GFP_KERNEL_ACCOUNT);
		if (!ks)