EBADF
pathname is relative but dirfd is neither AT_FDCWD nor a
valid file descriptor.
EBADF
userns_fd is not a valid file descriptor.
EBUSY
The caller tried to change the mount to MOUNT_ATTR_RDONLY,
but the mount still holds files open for writing.
EINVAL
The pathname specified via the dirfd and pathname
arguments to mount_setattr() isn't a mount point.
EINVAL
An unsupported value was set in flags.
EINVAL
An unsupported value was specified in the attr_set field
of mount_attr.
EINVAL
An unsupported value was specified in the attr_clr field
of mount_attr.
EINVAL
An unsupported value was specified in the propagation
field of mount_attr.
EINVAL
More than one of MS_SHARED, MS_SLAVE, MS_PRIVATE, or
MS_UNBINDABLE was set in the propagation field of
mount_attr.
EINVAL
An access-time setting was specified in the attr_set field
without MOUNT_ATTR__ATIME being set in the attr_clr field.
EINVAL
MOUNT_ATTR_IDMAP was specified in attr_clr.
EINVAL
A file descriptor value was specified in userns_fd which
exceeds INT_MAX.
EINVAL
A valid file descriptor value was specified in userns_fd,
but the file descriptor did not refer to a user namespace.
EINVAL
The underlying filesystem does not support ID-mapped
mounts.
EINVAL
The mount that is to be ID mapped is not a detached mount;
that is, the mount has not previously been visible in a
mount namespace.
EINVAL
A partial access-time setting was specified in attr_clr
instead of MOUNT_ATTR__ATIME being set.
EINVAL
The mount is located outside the caller's mount namespace.
EINVAL
The underlying filesystem has been mounted in a mount
namespace that is owned by a noninitial user namespace.
ENOENT
A pathname was empty or had a nonexistent component.
ENOMEM
When changing mount propagation to MS_SHARED, a new peer
group ID needs to be allocated for all mounts without a
peer group ID set. This allocation failed because there
was not enough memory to allocate the relevant internal
structures.
ENOSPC
When changing mount propagation to MS_SHARED, a new peer
group ID needs to be allocated for all mounts without a
peer group ID set. This allocation failed because the
kernel has run out of IDs.
EPERM
One of the mounts had at least one of MOUNT_ATTR_NOATIME,
MOUNT_ATTR_NODEV, MOUNT_ATTR_NODIRATIME, MOUNT_ATTR_NOEXEC,
MOUNT_ATTR_NOSUID, or MOUNT_ATTR_RDONLY set and the flag is
locked. Mount attributes become locked on a mount if:
• A new mount or mount tree is created causing mount
propagation across user namespaces (i.e., propagation
to a mount namespace owned by a different user
namespace). The kernel will lock the aforementioned
flags to prevent these sensitive properties from being
altered.
• A new mount and user namespace pair is created. This
happens for example when specifying CLONE_NEWUSER |
CLONE_NEWNS in unshare(2), clone(2), or clone3(2). The
aforementioned flags become locked in the new mount
namespace to prevent sensitive mount properties from
being altered. Since the newly created mount namespace
will be owned by the newly created user namespace, a
calling process that is privileged in the new user
namespace would—in the absence of such locking—be able
to alter sensitive mount properties (e.g., to remount a
mount that was marked read-only as read-write in the
new mount namespace).
EPERM
A valid file descriptor value was specified in userns_fd,
but the file descriptor refers to the initial user
namespace.
EPERM
An attempt was made to add an ID mapping to a mount that
is already ID mapped.
EPERM
The caller does not have CAP_SYS_ADMIN in the initial user
namespace.
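
The EINVAL entries above that depend only on the propagation, attr_set, attr_clr and userns_fd fields can be checked before the call is made. The following C pre-flight check is an added example, not part of the manual page or of the kernel source; struct mattr, enum precheck and precheck_mount_attr() are hypothetical names, and the fallback constant values are those of the kernel UAPI header <linux/mount.h>.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mount.h>          /* MS_SHARED, MS_SLAVE, MS_PRIVATE, MS_UNBINDABLE */
/* Fallbacks for older headers; values as in the kernel UAPI <linux/mount.h>. */
#ifndef MOUNT_ATTR__ATIME
#define MOUNT_ATTR__ATIME  0x00000070
#define MOUNT_ATTR_NOATIME 0x00000010
#endif
#ifndef MOUNT_ATTR_IDMAP
#define MOUNT_ATTR_IDMAP   0x00100000
#endif

/* Hypothetical local mirror of the four struct mount_attr fields. */
struct mattr { uint64_t attr_set, attr_clr, propagation, userns_fd; };

enum precheck { PRE_OK, PRE_PROPAGATION, PRE_ATIME_SET_WITHOUT_CLR,
                PRE_PARTIAL_ATIME_CLR, PRE_IDMAP_IN_CLR, PRE_USERNS_FD_RANGE };

/* Returns the first documented EINVAL rule the arguments would violate. */
enum precheck precheck_mount_attr(const struct mattr *a)
{
    const uint64_t prop_ok = MS_SHARED | MS_SLAVE | MS_PRIVATE | MS_UNBINDABLE;
    uint64_t clr_atime = a->attr_clr & MOUNT_ATTR__ATIME;

    /* Unsupported bit, or more than one propagation type at once. */
    if ((a->propagation & ~prop_ok) || (a->propagation & (a->propagation - 1)))
        return PRE_PROPAGATION;
    /* Atime values share one mask: clearing only part of it is rejected. */
    if (clr_atime && clr_atime != MOUNT_ATTR__ATIME)
        return PRE_PARTIAL_ATIME_CLR;
    /* Setting an atime value requires the whole mask in attr_clr. */
    if (!clr_atime && (a->attr_set & MOUNT_ATTR__ATIME))
        return PRE_ATIME_SET_WITHOUT_CLR;
    if (a->attr_clr & MOUNT_ATTR_IDMAP)
        return PRE_IDMAP_IN_CLR;
    if ((a->attr_set & MOUNT_ATTR_IDMAP) && a->userns_fd > (uint64_t)INT_MAX)
        return PRE_USERNS_FD_RANGE;
    return PRE_OK;
}

int main(void)
{
    struct mattr a = { .attr_set = MOUNT_ATTR_NOATIME };  /* constructed input */
    printf("noatime alone: %d\n", precheck_mount_attr(&a));
    a.attr_clr = MOUNT_ATTR__ATIME;
    printf("with full clr: %d\n", precheck_mount_attr(&a));
    return 0;
}
```

A PRE_OK result covers only these argument rules; the mount-dependent errors (EBUSY, EPERM on locked flags, a non-detached mount for ID mapping) can be reported only by the kernel.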