[CRIU] [PATCH 39/39] mount: prevent dumping nested mount namespace without mnt_id in fdinfo

Andrey Vagin avagin at openvz.org
Mon Apr 21 07:23:49 PDT 2014


When mnt_id is not known, we cannot tell which mount namespace a file
belongs to.

Signed-off-by: Andrey Vagin <avagin at openvz.org>
---
 cr-check.c           | 2 +-
 include/proc_parse.h | 2 ++
 mount.c              | 9 ++++++++-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/cr-check.c b/cr-check.c
index 2103659..333d593 100644
--- a/cr-check.c
+++ b/cr-check.c
@@ -249,7 +249,7 @@ static int check_one_sfd(union fdinfo_entries *e, void *arg)
 	return 0;
 }
 
-static int check_mnt_id(void)
+int check_mnt_id(void)
 {
 	struct fdinfo_common fdinfo = { .mnt_id = -1 };
 	int ret;
diff --git a/include/proc_parse.h b/include/proc_parse.h
index d57ea27..a1dfd7a 100644
--- a/include/proc_parse.h
+++ b/include/proc_parse.h
@@ -176,4 +176,6 @@ extern int parse_file_locks(void);
 struct pid;
 extern int parse_threads(int pid, struct pid **_t, int *_n);
 
+extern int check_mnt_id(void);
+
 #endif /* __CR_PROC_PARSE_H__ */
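Review bot: The new prototype for `check_mnt_id()` sits in include/proc_parse.h, but the first hunk shows the function is defined in cr-check.c, so the declaration and definition live in unrelated units. Nothing visible here shows that cr-check.c includes this header; if it does not, the compiler will not catch a mismatch between prototype and definition. The prototype also lacks a statement of its return convention, which the mount.c caller relies on. Judging from that caller, something like `/* 0 if fdinfo exposes mnt_id, non-zero otherwise; defined in cr-check.c */` would fit, but confirm it against the function body, which is outside this diff.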
diff --git a/mount.c b/mount.c
index 71e7b31..e98d254 100644
--- a/mount.c
+++ b/mount.c
@@ -1902,7 +1902,7 @@ err:
 int dump_mnt_namespaces(void)
 {
 	struct ns_id *ns;
-	int ret = 0;
+	int ret = 0, n = 0;
 
 	for (ns = ns_ids; ns; ns = ns->next) {
 		/* Skip current namespaces, which are in the list too  */
@@ -1917,6 +1917,13 @@ int dump_mnt_namespaces(void)
 		if (!(ns->nd->cflag & CLONE_NEWNS))
 			continue;
 
+		n++;
+
+		if (n == 2 && check_mnt_id()) {
+			pr_err("Nested mount namespaces are not supported "
+				"without mnt_id in fdinfo\n");
+			return -1;
+		}
 		pr_info("Dump MNT namespace (mountpoints) %d via %d\n",
 				ns->id, ns->pid);
 		ret = dump_mnt_ns(ns);
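Review bot: The mnt_id test runs only when the second CLONE_NEWNS namespace is reached (`n == 2`), so the first one has already gone through `dump_mnt_ns()` and the dump aborts partway with a bare `return -1`. Refusing is the right direction, since without mnt_id an fd cannot be attributed to a mount namespace. The reason belongs in a comment above the test, e.g. `/* without mnt_id in fdinfo an fd can't be tied to its mount namespace, so refuse a second one */`. Any non-zero result from `check_mnt_id()` is reported as a missing kernel feature; if that function can also fail for other reasons (its body is not visible here), the message would mislead. The counter `n`, declared in the previous hunk, would read better as `nr_mnt_ns`; `dump_mnt_namespaces()` continues past the end of this hunk.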
-- 
1.8.5.3


