From 360d74554469ccf0e2d1a0111db65fa3b4aaf650 Mon Sep 17 00:00:00 2001 From: Keno Fischer Date: Mon, 27 Nov 2017 17:44:17 -0500 Subject: [PATCH] mount.2: Add EINVAL error condition when MS_BINDing MNT_LOCKED submounts When the user creates an unprivileged mount namespace, the Linux kernel sets the MNT_LOCKED flag [1] on any submounts to prevent such mounts from being unmounted inside the mount namespace. Such an unmount would reveal the filesystem tree behind the mount, which is not otherwise possible from an unprivileged vantage point. Attempting to unmount such a mount will fail with EINVAL. However, a less obvious implication is that attempting a bind mount without MS_REC, where the tree being bound contains locked sub-mounts, will also fail with EINVAL, because, without MS_REC, such submounts are effectively being unmounted. Cursory googling shows several instances of people running into this problem, so I felt it advantageous to have it documented in the man page. [1] https://github.com/torvalds/linux/blob/4fbd8d194f06c8a3fd2af1ce560ddb31f7ec8323/fs/namespace.c#L1110-L1113 Signed-off-by: Michael Kerrisk --- man2/mount.2 | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/man2/mount.2 b/man2/mount.2 index 87cb1a9b8..8d2a34742 100644 --- a/man2/mount.2 +++ b/man2/mount.2 @@ -650,6 +650,14 @@ or .BR EINVAL An attempt was made to bind mount an unbindable mount. .TP +.BR EINVAL +In an unpriviledged mount namespace, a bind operation +.RB ( MS_BIND ) +was attempted without specifying +.RB ( MS_REC ), +which would have revealed the filesytem tree underneath one of +the submounts of the directory being bound. +.TP .B ELOOP Too many links encountered during pathname resolution. .TP
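Review bot: The added EINVAL entry in man2/mount.2 has two spelling errors: "unpriviledged" should be "unprivileged" and "filesytem" should be "filesystem". The line `.RB ( MS_REC ),` renders as "without specifying (MS_REC),", which reads as a parenthetical where the flag is the object of the sentence; `.BR MS_REC ,` would fit better. The entry also never says that the submounts in question are locked (MNT_LOCKED, as the commit message explains), so a reader cannot tell this case apart from an ordinary non-recursive bind of a tree with submounts, which succeeds. Consider stating that the directory being bound contains locked submounts, and noting that unmounting such a submount fails with EINVAL for the same reason.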