From: Ian Kent <raven@themaw.net>
To: Donald Buczek <buczek@molgen.mpg.de>
Cc: autofs <autofs@vger.kernel.org>
Subject: Re: "Too many levels of symbolic links"
Date: Wed, 16 Mar 2016 09:32:14 +0800 [thread overview]
Message-ID: <1458091934.2967.45.camel@themaw.net> (raw)
In-Reply-To: <56E0610F.9020704@molgen.mpg.de>
On Wed, 2016-03-09 at 18:44 +0100, Donald Buczek wrote:
> Hi, Kent,
>
> in 2014 we analyzed and discussed a problem which in my view boiled
> down
> to "autofs refuses to mount on a path (dentry) which already is
> mounted
> in another namespace." This is because it uses d_mountpoint ( =
> DCACHE_MOUNTED) to decide whether a mount should be attempted or not.
> At
> that point I selfishly changed our setting to avoid use of mount
> namespaces and left you alone with the problem.
>
> But now we need mount namespaces ourselves using kernel 4.4.2 and the
> old problem reoccurred
>
> So my questions:
>
> * am I right, that this problem is still unresolved?
> * is this considered a bug?
I originally made a couple of patches to make autofs namespace aware for
this case but I'm still holding on to them because, as I did them, I
realized there's quite a bit more going on with this.
For example, suppose autofs is namespace aware, the autofs file system
has been cloned as part of the namespace creation, the filesystem in the
new namespace is propagation private and the automount daemon is running
in the root namespace.
In this case there's no limit on the number of times the namespace can
attempt to trigger a mount which is possibly open to be used as a denial
of service attack. So the current ELOOP behaviour is probably needed in
this case.
Another example, assume the automount daemon is running in the root
namespace, there are multiple containers where an indirect mount map has
been passed as a volume and the container implementation sets it's
mounts as propagation slave.
In this case the mounts are mounted in the root namespace and propagated
to the containers. And similarly, if there's a bad mount the containers
are capped on the number of mount attempts by the current ELOOP
behaviour. But ELOOP probably isn't the error return the containers
should be getting either and allowing unabated callbacks is probably not
good either.
There are more cases, some of which I haven't properly investigated.
So I ended up holding onto the patches.
What exactly is your usage need?
Ian
--
To unsubscribe from this list: send the line "unsubscribe autofs" in
next prev parent reply other threads:[~2016-03-16 1:32 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-29 16:02 autofs linux 3.8.13 and "Too many levels of symbolic links" Donald Buczek
2014-01-29 17:16 ` Leonardo Chiquitto
2014-01-30 0:19 ` Ian Kent
2014-01-30 10:28 ` Donald Buczek
2014-01-30 14:30 ` Ian Kent
2014-01-31 1:36 ` Ian Kent
2014-01-31 3:31 ` Ian Kent
2014-01-31 5:13 ` Ian Kent
2014-01-31 10:10 ` Donald Buczek
2014-01-31 10:29 ` Donald Buczek
2014-02-19 10:17 ` Donald Buczek
2014-02-19 10:21 ` Donald Buczek
2014-02-20 11:41 ` Ian Kent
2014-02-20 12:18 ` Ian Kent
2014-02-20 15:57 ` Donald Buczek
2014-02-21 1:42 ` Ian Kent
2014-02-21 15:15 ` Donald Buczek
2014-02-28 12:12 ` Donald Buczek
2014-02-28 13:29 ` Alexander Viro
2014-02-28 20:35 ` Donald Buczek
2014-03-01 21:56 ` Donald Buczek
2014-03-02 0:52 ` Donald Buczek
2014-03-02 2:17 ` Ian Kent
2014-03-02 8:28 ` Donald Buczek
2014-03-02 9:41 ` Ian Kent
2014-03-02 10:22 ` Donald Buczek
2014-03-02 11:03 ` Ian Kent
2014-03-02 11:15 ` Donald Buczek
2014-03-02 11:30 ` Ian Kent
2014-03-02 11:35 ` Ian Kent
2014-03-02 11:25 ` Ian Kent
2014-03-02 2:22 ` Ian Kent
2014-03-02 7:10 ` Ian Kent
2014-03-02 14:55 ` Donald Buczek
2014-03-02 18:51 ` Donald Buczek
2014-03-03 2:40 ` Ian Kent
2014-03-03 2:40 ` Ian Kent
2014-03-04 6:06 ` Ian Kent
2016-03-09 17:44 ` Donald Buczek
2016-03-16 1:32 ` Ian Kent [this message]
2016-03-16 1:58 ` Ian Kent
2016-03-16 2:10 ` Ian Kent
2016-05-20 14:12 ` Donald Buczek
2016-05-23 1:53 ` Ian Kent
2014-02-01 1:47 ` autofs linux 3.8.13 and " Ian Kent
2014-02-01 3:32 ` Ian Kent
2014-02-01 13:08 ` Donald Buczek
2014-02-01 2:57 ` Ian Kent
2014-02-01 13:01 ` Donald Buczek
2014-02-02 3:45 ` Ian Kent
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1458091934.2967.45.camel@themaw.net \
--to=raven@themaw.net \
--cc=autofs@vger.kernel.org \
--cc=buczek@molgen.mpg.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.