From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Fri, 10 Aug 2018 21:46:19 -0400
From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: "Eric W. Biederman"
Cc: Al Viro, David Howells, John Johansen, Tejun Heo, selinux@tycho.nsa.gov, Paul Moore, Li Zefan, linux-api@vger.kernel.org, apparmor@lists.ubuntu.com, Casey Schaufler, fenghua.yu@intel.com, Greg Kroah-Hartman, Eric Biggers, linux-security-module@vger.kernel.org, Tetsuo Handa, Johannes Weiner, Stephen Smalley, tomoyo-dev-en@lists.sourceforge.jp, cgroups@vger.kernel.org, torvalds@linux-foundation.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Miklos Szeredi
Message-ID: <20180811014619.GA14368@thunk.org>
References: <153313703562.13253.5766498657900728120.stgit@warthog.procyon.org.uk> <87d0uqpba5.fsf@xmission.com> <20180810151606.GA6515@ZenIV.linux.org.uk> <87pnypiufr.fsf@xmission.com>
In-Reply-To: <87pnypiufr.fsf@xmission.com>
Subject: Re: BUG: Mount ignores mount options
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

On Fri, Aug 10, 2018 at 08:05:44PM -0500, Eric W. Biederman wrote:
> 
> My complaint is that the current implemented behavior of practically
> every filesystem in the kernel, is that it will ignore mount options
> when mounted a second time.

The file system is ***not*** mounted a second time.

The design bug is that we allow bind mounts to be specified via a
block device.  A bind mount is not "a second mount" of the file
system.  Bind mounts != mounts.

I had assumed we had allowed bind mounts to be specified via the block
device because of container use cases.  If the container folks don't
want it, I would be pushing to simply not allow bind mounts to be
specified via block device at all.

The only reason why we should support it is because we don't want to
break scripts; and if the goal is not to break scripts, then we have
to keep to the current semantics, however broken you think it is.

					- Ted
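The practical consequence of what Ted describes is that "mount /dev/X /dir" against a block device that is already mounted hands back a second vfsmount on the existing superblock, so any superblock-level option in the new command (ext4's data=, errors=, and so on) is dropped without an error, while the per-mount flags are honoured. The script below is an added example written for this page, not code from the thread or from util-linux or the kernel: it parses the /proc/self/mountinfo format to find live superblocks for a device and flags requested options that would be ignored. The mountinfo table is constructed so the script runs offline; the function names existing_superblocks and superblock_option_conflicts are this example's own; and the set of flags treated as per-mount (ro, nosuid, nodev, noexec, the *atime family, sync, dirsync, mand) is an assumption stated in the code.

```shell
#!/bin/sh
# Added example, not part of Ted's mail or of any kernel tool: before running
# "mount /dev/X /dir", look up whether /dev/X already has a live superblock,
# because a second mount of the same block device reuses that superblock and
# any superblock-level options in the new command are silently dropped.

# Constructed /proc/self/mountinfo content (not captured from a real host) so
# the script runs offline. Field layout follows proc(5):
#   id parent maj:min root mountpoint mnt_opts [optional fields] - fstype source sb_opts
SAMPLE_MOUNTINFO='25 1 8:17 / /data rw,relatime shared:5 - ext4 /dev/sdb1 rw,data=ordered
40 1 8:17 / /mnt/export ro,nosuid,nodev,relatime shared:5 - ext4 /dev/sdb1 rw,data=ordered
41 1 7:0 / /mnt/img rw,relatime - ext4 /dev/loop0 ro,data=journal'

# existing_superblocks DEVICE [MOUNTINFO]
# Prints "mountpoint|fstype|mnt_opts|sb_opts" for every mount of DEVICE.
# Only mnt_opts (field 6) belongs to the individual mount; sb_opts (the last
# field) belongs to the shared superblock and is what a repeat mount reuses.
existing_superblocks() {
    dev=$1
    info=${2:-$(cat /proc/self/mountinfo)}
    printf '%s\n' "$info" | awk -v dev="$dev" '
        {
            # skip the variable number of optional fields up to the "-" separator
            for (i = 7; i <= NF && $i != "-"; i++) ;
            fstype = $(i + 1); src = $(i + 2); sbopts = $(i + 3)
            if (src == dev) print $5 "|" fstype "|" $6 "|" sbopts
        }'
}

# superblock_option_conflicts DEVICE WANTED_OPTS [MOUNTINFO]
# Exit 0 if DEVICE has no superblock yet, or if every superblock-level option
# in WANTED_OPTS is already set on the live superblock. Exit 1, listing each
# miss, when an option would be ignored. Flags that the VFS applies per mount
# (assumed list below: ro, nosuid, nodev, noexec, the *atime family, sync,
# dirsync, mand) are skipped because a repeat mount does honour those.
superblock_option_conflicts() {
    dev=$1; wanted=$2; info=${3:-$(cat /proc/self/mountinfo)}
    live=$(existing_superblocks "$dev" "$info" | head -n 1 | cut -d'|' -f4)
    [ -z "$live" ] && return 0
    rc=0
    old_ifs=$IFS; IFS=,
    for opt in $wanted; do
        case $opt in
            ro|nosuid|nodev|noexec|noatime|nodiratime|relatime|strictatime|sync|dirsync|mand|nomand)
                continue ;;
        esac
        case ",$live," in
            *",$opt,"*) ;;
            *) echo "ignored: $opt (superblock of $dev is already up with: $live)"; rc=1 ;;
        esac
    done
    IFS=$old_ifs
    return $rc
}

# Demonstration against the constructed table: /dev/sdb1 is already mounted at
# /data, so a second "mount -o ro,data=journal /dev/sdb1 /mnt/export" would
# get a read-only mount but keep data=ordered on the shared superblock.
superblock_option_conflicts /dev/sdb1 ro,data=journal "$SAMPLE_MOUNTINFO" ||
    echo "refusing: unmount /data first, or use 'mount --bind' and accept the live superblock options"
```

Drop the third argument to read the real /proc/self/mountinfo on a host. The check reads the first mount of the device only, which is enough because every mount of one device shares the same sb_opts; the interesting mismatch is always between the superblock options and what the new command asks for, never between two mounts of the same superblock.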