From: Mike Waychison <mikew@google.com>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: jamie@shareable.org, linuxram@us.ibm.com,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
akpm@osdl.org, viro@parcelfarce.linux.theplanet.co.uk
Subject: Re: [RFC][PATCH] rbind across namespaces
Date: Tue, 24 May 2005 10:15:27 -0700 [thread overview]
Message-ID: <4293612F.3000708@google.com> (raw)
In-Reply-To: <E1DaVYK-0003ko-00@dorka.pomaz.szeredi.hu>
Miklos Szeredi wrote:
> (Sorry for replying in two parts, I missed this in the first reading)
>
>
>>>>walking mountpoints in userspace:
>>>>http://marc.theaimsgroup.com/?l=linux-kernel&m=109875012510262&w=2
>>>
>>>
>>>Is this needed? Userspace can find out mountpoints from /proc/mounts
>>>(or something similar for detached trees).
>>>
>>
>>With detached mountpoints (and especially with detached mountpoint
>>_trees_) it can become very difficult to assess which trees are which.
>>
>>Also, just like /proc/PID/fd/*, /proc/mounts is built according to
>>_current_'s root. This only gives a skewed view of what is going on.
>
>
> I'm thinking of /proc/PID/fdinfo/FD/mounts or similar.
>
>
>>>>attaching mountpoints in userspace:
>>>>http://marc.theaimsgroup.com/?l=linux-fsdevel&m=109875063100111&w=2
>>>
>>>
>>>Again, bind from/to /proc/PID/fd/FD should work without any new
>>>interfaces.
>>
>>No.. It wouldn't. Pathname resolution is doing everything according to
>>the ->readlink information provided by this magic proc files, again in
>>current's namespace. If you care to hijack ->follow_link, prepare
>>yourself for a slew of corner cases.
>
>
> No need to hijack, it's already done. Removing calls to
> proc_check_root() will allow access to different namespaces detached
> mounts, etc. It's been tried and actually works.
>
See previous message as why we don't want to allow this.
> What's more you don't even need /proc, just pass a file descriptor
> (with reference to mount in different namespace, etc.) to another
> process with SCM_RIGHTS, do fchrdir(fd), and then do mount --bind,
> etc. This actually works with an unmodified kernel.
It shouldn't. An unmodified kernel has check_mnt to keep you from doing
this.
>
>
>>>>detaching mountpoints in userspace:
>>>>http://marc.theaimsgroup.com/?l=linux-kernel&m=109880051800963&w=2
>>>
>>>
>>>What's wrong with sys_umount()?
>>
>>sys_umount only works with paths in current's namespace. It doesn't
>>allow you to handle vfsmounts as primaries in userspace.
>
>
> But it does. Again, either with fchdir() or /proc.
>
> fchdir() has the drawback of only working on directories, and that a
> process has only one CWD. The /proc approach has no such limitations.
>
Again, check_mnt won't let this happen.
Another limitation is that manipulating mounts in another namespace
breaks namespace->list locking.. Add that to a todo list if you still
think this is a good idea.
Mike Waychison
next prev parent reply other threads:[~2005-05-24 17:18 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-05-20 22:11 [RFC][PATCH] rbind across namespaces Ram
2005-05-21 6:27 ` Miklos Szeredi
2005-05-21 7:26 ` Ram
2005-05-21 8:09 ` Miklos Szeredi
2005-05-21 8:45 ` Ram
2005-05-21 9:09 ` Miklos Szeredi
2005-05-21 10:07 ` Ram
2005-05-21 13:12 ` Miklos Szeredi
2005-05-22 20:25 ` Ram
2005-05-22 20:51 ` Ram
2005-05-23 5:08 ` Miklos Szeredi
2005-05-23 7:24 ` Ram
2005-05-23 8:24 ` Miklos Szeredi
2005-05-21 9:48 ` Miklos Szeredi
2005-05-21 13:46 ` Jamie Lokier
2005-05-22 8:08 ` Miklos Szeredi
2005-05-22 17:04 ` [RFC][PATCH] /proc/dead_mounts support (Was: [RFC][PATCH] rbind across ...) Miklos Szeredi
2005-05-22 21:10 ` [RFC][PATCH] rbind across namespaces Ram
2005-05-23 5:07 ` Miklos Szeredi
2005-05-24 0:39 ` Mike Waychison
2005-05-24 5:43 ` Miklos Szeredi
2005-05-24 7:13 ` Mike Waychison
2005-05-24 8:25 ` Miklos Szeredi
2005-05-24 17:09 ` Mike Waychison
2005-05-24 17:31 ` Miklos Szeredi
2005-05-24 17:44 ` Mike Waychison
2005-05-24 17:56 ` Miklos Szeredi
2005-05-24 18:04 ` Mike Waychison
2005-05-30 19:06 ` Ram
2005-05-24 9:18 ` Miklos Szeredi
2005-05-24 17:15 ` Mike Waychison [this message]
2005-05-24 17:46 ` Miklos Szeredi
2005-05-24 18:15 ` Jamie Lokier
2005-05-24 18:33 ` Mike Waychison
2005-05-24 21:51 ` Jamie Lokier
2005-05-21 13:43 ` Jamie Lokier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4293612F.3000708@google.com \
--to=mikew@google.com \
--cc=akpm@osdl.org \
--cc=jamie@shareable.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxram@us.ibm.com \
--cc=miklos@szeredi.hu \
--cc=viro@parcelfarce.linux.theplanet.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.