From: Rob Landley <rob@landley.net>
To: Ram Pai <linuxram@us.ibm.com>
Cc: greg@enjellic.com, Mike Waychison <mikew@google.com>,
Linux Kernel <linux-kernel@vger.kernel.org>,
leimy2k@gmail.com
Subject: Re: /etc/mtab and per-process namespaces
Date: Sat, 29 Oct 2005 05:16:35 -0500 [thread overview]
Message-ID: <200510290516.37700.rob@landley.net> (raw)
In-Reply-To: <1130544418.4902.47.camel@localhost>
On Friday 28 October 2005 19:06, Ram Pai wrote:
> > Mike's comments are very apt. The current situation with mount
> > support is untenable. Even working on private development machines it
> > gets confusing as to what is or is not mounted in various
> > shells/processes. The basic infra-structure is there with process
> > specific mount information (/proc/self/mounts) but mount and friends
> > are a bit problematic with respect to supporting this.
I fairly extensively rewrote busybox mount, and one of my goals was doing the
best job with /proc/mounts (only) support that I could. In some ways,
busybox's mount is better (such as the fact it can autodetect when you're
trying to mount a file and figure out it needs -o loop without being told).
If you want try the busybox version of mount/losetup/umount, I hope it does
what you want and am willing to fix it if it doesn't. (P.S. To
use /proc/mounts either configure it without /etc/mtab support or
symlink /etc/mtab to /proc/mounts.)
> > I'm working on a namespace toolkit to address these issues. I've got
> > a pretty basic tool, similar to sudo, which allows spawning processes
> > with a protected namespace. I'm adding a configuration system which
> > allow systems administrators to define a setup of bind mounts which
> > are automatically executed before the user is given their shell. I'm
> > also working up a PAM account module to go along with this. I would
> > certainly be open to suggestions as to what else people would consider
> > useful in such a toolkit.
> >
> > I've been pondering the best way to take on the mount problem.
> > Current mount binaries seem to fall back to /proc/mounts if /etc/mtab
> > is not present. All bets are off of course if the mount binary is
> > used for the bind mount since a new /etc/mtab is created.
Have you tried having /etc/mtab be a symlink to /proc/mounts?
> > I'm willing to whack on the mount binary a bit as part of this. The
> > obvious solution is to teach mount to act differently if it is running
> > in a private namespace. If anybody knows of a good way to detect this
> > I would be interested in knowing that. In newns (the namespace sudo
> > tool) I'm setting an environment variable for mount to detect on but a
> > system level approach would be more generic.
>
> actually there is a hackish way for a process to figure out if it is in
> a different namespace than the system namespace.
>
> ls /proc/1/root
>
> in a system namespace it will allow you to see the content.
> And in a per-process-namespace it will fail with permission denied.
>
> But I think we should figure out a cleaner way to decipher this,
> and that would start with clearly defining the requirements, I think.
The big thing I've never figured out how to do is make umount -a work in the
presence of multiple namespaces. (Should it just umount what it sees? I
don't know how to umount everything because I can't find everything...)
> RP
Rob
next prev parent reply other threads:[~2005-10-29 10:17 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-10-22 13:23 /etc/mtab and per-process namespaces Dr. Greg Wettstein
2005-10-29 0:06 ` Ram Pai
2005-10-29 10:16 ` Rob Landley [this message]
2005-10-31 19:11 ` Ram Pai
2005-10-31 23:27 ` Rob Landley
2005-11-01 0:01 ` Ram Pai
2005-11-01 7:36 ` Miklos Szeredi
2005-11-01 8:44 ` Rob Landley
[not found] <50rBX-76N-37@gated-at.bofh.it>
[not found] ` <50rBX-76N-35@gated-at.bofh.it>
2005-10-22 17:26 ` Bodo Eggert
[not found] <4TkbZ-6KJ-9@gated-at.bofh.it>
[not found] ` <4U0uy-33E-7@gated-at.bofh.it>
[not found] ` <4U0XK-3Gp-47@gated-at.bofh.it>
2005-10-04 21:20 ` Bodo Eggert
2005-10-05 0:14 ` Al Viro
-- strict thread matches above, loose matches on Subject: below --
2005-10-02 22:08 David Leimbach
2005-10-04 19:14 ` David Leimbach
2005-10-04 19:18 ` Christoph Hellwig
2005-10-04 19:49 ` Michael Tokarev
2005-10-04 19:52 ` David Leimbach
2005-10-04 19:43 ` Al Viro
2005-10-04 20:07 ` David Leimbach
2005-10-04 20:20 ` Al Viro
2005-10-05 16:29 ` Ram
2005-10-14 2:10 ` Mike Waychison
2005-10-17 0:47 ` Ian Kent
2005-10-20 3:53 ` Rob Landley
2005-10-20 3:42 ` Rob Landley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200510290516.37700.rob@landley.net \
--to=rob@landley.net \
--cc=greg@enjellic.com \
--cc=leimy2k@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxram@us.ibm.com \
--cc=mikew@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.