From: Ram Pai <linuxram@us.ibm.com>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: serue@us.ibm.com, devel@openvz.org, linux-kernel@vger.kernel.org,
containers@lists.osdl.org, viro@ftp.linux.org.uk,
linux-fsdevel@vger.kernel.org, akpm@linux-foundation.org
Subject: Re: [Devel] Re: [patch 05/10] add "permit user mounts in new namespace" clone flag
Date: Wed, 18 Apr 2007 11:35:19 -0700 [thread overview]
Message-ID: <1176921319.2848.56.camel@ram.us.ibm.com> (raw)
In-Reply-To: <E1He6KI-0003Zl-00@dorka.pomaz.szeredi.hu>
On Wed, 2007-04-18 at 11:19 +0200, Miklos Szeredi wrote:
> > > Allowing this and other flags to NOT be propagated just makes it
> > > possible to have a set of shared mounts with asymmetric properties,
> > > which may actually be desirable.
> >
> > The shared mount feature was designed to ensure that the mount remained
> > identical at all the locations.
>
> OK, so remount not propagating mount flags is a bug then?
As I said earlier, are there any flags currently that if not propagated
can lead to conflicts with the shared subtree semantics? I am not aware
of any. If you did notice a case, than according to me its a bug.
But the new proposed 'allow unpriviledged mounts' flag; if not
propagated among peers (and slaves) of a shared mount can lead to
conflicts with shared subtree semantics. Since mount in one
shared-mount; when propagated to its peer fails to mount and hence lead
to un-identical peers.
>
> > Now designing features to make it un-identical but still naming it
> > shared, will break its original purpose. Slave mounts were designed
> > to make it asymmetric.
>
> What if I want to modify flags in a master mount, but not the slave
> mount? Would I be screwed? For example: mount is read-only in both
> master and slave. I want to mark it read-write in master but not in
> slave. What do I do?
Making mounts read-only or read-write -- will that effect mount
propagation in such a way that future mounts in any one of the
peers will not be able to propagate that mount to its peers or slaves?
I don't think it will. Hence its ok to selectively mark some mounts
read-only and some mounts read-write.
However with the introduction of unpriviledged mount semantics, there
can be cases where a user has priviledges to mount at one location but
not at a different location. if these two location happen to share
a peer-relationship than I see a case of interference of read-write
flag semantics with shared subtree semantics. And hence we will end up
propagating the read-write flag too or have to craft a different
semantics that stays consistent.
>
> > Whatever feature that is desired to be exploited; can that be exploited
> > with the current set of semantics that we have? Is there a real need to
> > make the mounts asymmetric but at the same time name them as shared?
> > Maybe I dont understand what the desired application is?
>
> I do think this question of propagating mount flags is totally
> independent of user mounts.
>
> As it stands, currently remount doesn't propagate mount flags, and I
> don't see any compelling reasons why it should.
>
> The patchset introduces a new mount flag "allowusermnt", but I don't
> see any compelling reason to propagate this flag _either_.
>
> Please say so if you do have such a reason. As I've explained, having
> this flag set differently in parts of a propagation tree does not
> interfere with or break propagation in any way.
As I said earlier, I see a case where two mounts that are peers of each
other can become un-identical if we dont propagate the "allowusermnt".
As a practical example.
/tmp and /mnt are peers of each other.
/tmp has its "allowusermnt" flag set, which has not been propagated
to /mnt.
now a normal-user mounts an ext2 file system under /tmp at /tmp/1
unfortunately the mount wont appear under /mnt/1
and this breaks the shared-subtree semantics which promises: whatever is
mounted under /tmp will also be visible under /mnt
and in case if you allow the mount to appear under /mnt/1, you will
break unpriviledge mounts semantics which promises: a normal user will
not be able to mount at a location that does not allow user-mounts.
RP
>
> Miklos
>
next prev parent reply other threads:[~2007-04-18 18:37 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-04-12 16:45 [patch 00/10] (resend) mount ownership and unprivileged mount syscall Miklos Szeredi
2007-04-12 16:45 ` [patch 01/10] add user mounts to the kernel Miklos Szeredi
2007-04-12 16:45 ` [patch 02/10] allow unprivileged umount Miklos Szeredi
2007-04-12 16:45 ` [patch 03/10] account user mounts Miklos Szeredi
2007-04-12 16:45 ` [patch 04/10] add "permit user mounts" flag to namespaces Miklos Szeredi
2007-04-12 16:45 ` [patch 05/10] add "permit user mounts in new namespace" clone flag Miklos Szeredi
2007-04-12 20:32 ` Serge E. Hallyn
2007-04-13 4:16 ` Herbert Poetzl
2007-04-13 7:09 ` Miklos Szeredi
2007-04-13 4:45 ` Eric W. Biederman
2007-04-13 7:12 ` Miklos Szeredi
2007-04-13 13:47 ` Serge E. Hallyn
2007-04-13 14:22 ` Eric W. Biederman
2007-04-16 8:47 ` [Devel] " Ram Pai
2007-04-16 9:32 ` Miklos Szeredi
2007-04-16 9:49 ` Ram Pai
2007-04-16 9:56 ` Miklos Szeredi
2007-04-16 15:43 ` Eric W. Biederman
2007-04-16 15:58 ` Miklos Szeredi
2007-04-16 19:16 ` Eric W. Biederman
2007-04-16 19:56 ` Serge E. Hallyn
2007-04-17 9:04 ` Eric W. Biederman
2007-04-17 11:09 ` Miklos Szeredi
2007-04-17 18:16 ` Eric W. Biederman
2007-04-17 18:36 ` Miklos Szeredi
2007-04-17 19:54 ` Eric W. Biederman
2007-04-18 9:11 ` Miklos Szeredi
2007-04-18 13:55 ` Trond Myklebust
2007-04-18 14:03 ` Miklos Szeredi
2007-04-18 14:26 ` Trond Myklebust
2007-04-18 15:01 ` Christoph Hellwig
2007-04-18 19:00 ` Trond Myklebust
2007-04-18 15:06 ` Miklos Szeredi
2007-04-18 17:14 ` Eric W. Biederman
2007-04-18 18:05 ` Miklos Szeredi
2007-04-19 9:02 ` Miklos Szeredi
2007-04-17 14:25 ` Serge E. Hallyn
2007-04-17 14:28 ` Serge E. Hallyn
2007-04-16 17:14 ` Ram Pai
2007-04-16 17:50 ` Miklos Szeredi
2007-04-17 17:07 ` Serge E. Hallyn
2007-04-17 17:44 ` Miklos Szeredi
2007-04-17 18:15 ` Serge E. Hallyn
2007-04-17 18:58 ` Miklos Szeredi
2007-04-17 19:28 ` Ram Pai
2007-04-17 19:43 ` Miklos Szeredi
2007-04-17 20:25 ` Ram Pai
2007-04-18 9:19 ` Miklos Szeredi
2007-04-18 18:35 ` Ram Pai [this message]
2007-04-18 19:14 ` Miklos Szeredi
2007-04-18 19:41 ` Ram Pai
2007-04-19 8:36 ` Miklos Szeredi
2007-04-12 16:45 ` [patch 06/10] propagate error values from clone_mnt Miklos Szeredi
2007-04-12 16:45 ` [patch 07/10] allow unprivileged bind mounts Miklos Szeredi
2007-04-12 16:45 ` [patch 08/10] put declaration of put_filesystem() in fs.h Miklos Szeredi
2007-04-12 16:45 ` [patch 09/10] allow unprivileged mounts Miklos Szeredi
2007-04-12 16:45 ` [patch 10/10] allow unprivileged fuse mounts Miklos Szeredi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1176921319.2848.56.camel@ram.us.ibm.com \
--to=linuxram@us.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=containers@lists.osdl.org \
--cc=devel@openvz.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=serue@us.ibm.com \
--cc=viro@ftp.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.