* [Fwd: [PATCH 1/1] mount: shared-subtree support for mount]
@ 2006-05-09 14:27 Janak Desai
2006-05-12 12:36 ` Russell Coker
0 siblings, 1 reply; 4+ messages in thread
From: Janak Desai @ 2006-05-09 14:27 UTC (permalink / raw)
To: SE-Linux
[-- Attachment #1: Type: text/plain, Size: 146 bytes --]
As per Russell's request, I am posting this patch here as well, so broader
selinux community can also play with the shared tree feature.
-Janak
[-- Attachment #2: [PATCH 1/1] mount: shared-subtree support for mount --]
[-- Type: message/rfc822, Size: 9218 bytes --]
From: linuxram@us.ibm.com (Ram Pai)
To: janak@us.ibm.com
Cc: linuxram@us.ibm.com
Subject: [PATCH 1/1] mount: shared-subtree support for mount
Date: Wed, 19 Apr 2006 12:51:43 -0700 (PDT)
Message-ID: <20060419195143.19A08470030@localhost>
This patch builds shared-subtree semantics awareness into the mount command.
Updates the man page for mount too.
Signed-off-by: Ram Pai <linuxram@us.ibm.com>
mount/mount.8 | 35 ++++++++++++++++++++++++++
mount/mount.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++--
mount/mount_constants.h | 12 +++++++++
3 files changed, 109 insertions(+), 2 deletions(-)
Index: util-linux-2.13-pre6/mount/mount.c
===================================================================
--- util-linux-2.13-pre6.orig/mount/mount.c
+++ util-linux-2.13-pre6/mount/mount.c
@@ -72,11 +72,13 @@ int mount_all = 0;
static int optfork = 0;
/* Add volumelabel in a listing of mounted devices (-l). */
static int list_with_volumelabel = 0;
-/* Nonzero for mount {--bind|--replace|--before|--after|--over|--move} */
+/* Nonzero for mount {--bind|--replace|--before|--after|--over|--move|
+ * make-shared|make-private|make-unbindable|make-slave}
+ */
static int mounttype = 0;
/* True if ruid != euid. */
static int suid = 0;
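Review bot: The updated comment on mounttype lists the new values as "make-shared|make-private|make-unbindable|make-slave", without the leading "--" that the existing entries carry, and it omits the recursive variants (--make-rshared, --make-rslave, --make-rprivate, --make-runbindable) that the option table in this same patch adds. Suggest spelling all eight with their "--" prefix so the comment matches the options that actually set mounttype.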
@@ -104,10 +106,11 @@ struct opt_map {
/* Options that we keep the mount system call from seeing. */
#define MS_NOSYS (MS_NOAUTO|MS_USERS|MS_USER|MS_COMMENT|MS_LOOP)
/* Options that we keep from appearing in the options field in the mtab. */
#define MS_NOMTAB (MS_REMOUNT|MS_NOAUTO|MS_USERS|MS_USER)
+#define MS_PROPAGATION (MS_SHARED|MS_SLAVE|MS_UNBINDABLE|MS_PRIVATE)
/* Options that we make ordinary users have by default. */
#define MS_SECURE (MS_NOEXEC|MS_NOSUID|MS_NODEV)
/* Options that we make owner-mounted devices have by default */
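Review bot: MS_PROPAGATION is the only macro in this group added without a comment, while MS_NOSYS, MS_NOMTAB and MS_SECURE around it each say what they are for. Add a one-line comment stating that these are the propagation-type flags, which the rest of the patch keeps apart from MS_BIND and out of mtab.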
@@ -338,10 +341,13 @@ parse_opts (const char *options, int *fl
if (readonly)
*flags |= MS_RDONLY;
if (readwrite)
*flags &= ~MS_RDONLY;
+
+ if (mounttype & MS_PROPAGATION)
+ *flags &= ~MS_BIND;
*flags |= mounttype;
}
/* Try to build a canonical options string. */
static char *
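Review bot: In parse_opts, "*flags &= ~MS_BIND" silently discards a bind request that was already present in flags whenever a propagation type is selected, so the caller gets a different operation from the one asked for and no diagnostic. Rejecting the combination with an error would be safer than dropping half of it; if the silent clear stays, it needs a comment explaining why the two flags must not be passed on together.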
@@ -857,17 +863,19 @@ retry_nfs:
if (fake || mnt5_res == 0) {
/* Mount succeeded, report this (if verbose) and write mtab entry. */
if (loop)
opt_loopdev = loopdev;
- update_mtab_entry(loop ? loopfile : spec,
+ if (!(mounttype & MS_PROPAGATION)) {
+ update_mtab_entry(loop ? loopfile : spec,
node,
types ? types : "unknown",
fix_opts_string (flags & ~MS_NOMTAB, extra_opts, user),
flags,
freq,
pass);
+ }
block_signals (SIG_UNBLOCK);
res = 0;
goto out;
}
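Review bot: Wrapping update_mtab_entry() in "if (!(mounttype & MS_PROPAGATION))" also skips the reporting that the comment just above assigns to this step ("report this (if verbose) and write mtab entry"), so a propagation change gives no verbose output and leaves no record in mtab. Suggest printing a verbose message in the propagation case, and adding a comment on why no mtab entry is written for it.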
@@ -1402,10 +1410,18 @@ static struct option longopts[] = {
{ "before", 0, 0, 131 },
{ "over", 0, 0, 132 },
{ "move", 0, 0, 133 },
{ "guess-fstype", 1, 0, 134 },
{ "rbind", 0, 0, 135 },
+ { "make-shared", 0, 0, 136 },
+ { "make-slave", 0, 0, 137 },
+ { "make-private", 0, 0, 138 },
+ { "make-unbindable", 0, 0, 139 },
+ { "make-rshared", 0, 0, 140 },
+ { "make-rslave", 0, 0, 141 },
+ { "make-rprivate", 0, 0, 142 },
+ { "make-runbindable", 0, 0, 143 },
{ "internal-only", 0, 0, 'i' },
{ NULL, 0, 0, 0 }
};
/* Keep the usage message at max 22 lines, each at most 70 chars long.
@@ -1428,10 +1444,21 @@ usage (FILE *fp, int n) {
"a filesystem (of the given type) found on the device.\n"
"One can also mount an already visible directory tree elsewhere:\n"
" mount --bind olddir newdir\n"
"or move a subtree:\n"
" mount --move olddir newdir\n"
+ "One can change the type of mount containing the directory dir:\n"
+ " mount --make-shared dir\n"
+ " mount --make-slave dir\n"
+ " mount --make-private dir\n"
+ " mount --make-unbindable dir\n"
+ "One can change the type of all the mounts in a mount subtree\n"
+ "containing the directory dir:\n"
+ " mount --make-rshared dir\n"
+ " mount --make-rslave dir\n"
+ " mount --make-rprivate dir\n"
+ " mount --make-runbindable dir\n"
"A device can be given by name, say /dev/hda1 or /dev/cdrom,\n"
"or by label, using -L label or by uuid, using -U uuid .\n"
"Other options: [-nfFrsvw] [-o options] [-p passwdfd].\n"
"For many more details, say man 8 mount .\n"
));
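Review bot: The eleven lines added to usage() run against the limit stated in the comment directly above the function, "Keep the usage message at max 22 lines, each at most 70 chars long"; together with the nine context lines visible in this hunk that is already 20 lines before the start of the message is counted. Suggest condensing the eight commands, for example one line listing --make-shared, --make-slave, --make-private and --make-unbindable and one line for the four recursive forms, and leaving the detail to the man page.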
@@ -1579,10 +1606,43 @@ main(int argc, char *argv[]) {
exit(fstype ? 0 : EX_FAIL);
}
case 135:
mounttype = (MS_BIND | MS_REC);
break;
+
+ case 136:
+ mounttype = MS_SHARED;
+ break;
+
+ case 137:
+ mounttype = MS_SLAVE;
+ break;
+
+ case 138:
+ mounttype = MS_PRIVATE;
+ break;
+
+ case 139:
+ mounttype = MS_UNBINDABLE;
+ break;
+
+ case 140:
+ mounttype = (MS_SHARED | MS_REC);
+ break;
+
+ case 141:
+ mounttype = (MS_SLAVE | MS_REC);
+ break;
+
+ case 142:
+ mounttype = (MS_PRIVATE | MS_REC);
+ break;
+
+ case 143:
+ mounttype = (MS_UNBINDABLE | MS_REC);
+ break;
+
case '?':
default:
usage (stderr, EX_USAGE);
}
}
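Review bot: Cases 136 to 143 set mounttype with a plain "=", exactly as case 135 does for --rbind, so when a --make-* option is given together with another mount-type option the later one overwrites the earlier and the earlier is dropped without any message. A propagation change and a bind are different operations, so suggest checking whether mounttype is already nonzero and failing through usage (stderr, EX_USAGE) or a specific error instead of letting the last option win.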
Index: util-linux-2.13-pre6/mount/mount_constants.h
===================================================================
--- util-linux-2.13-pre6.orig/mount/mount_constants.h
+++ util-linux-2.13-pre6/mount/mount_constants.h
@@ -55,10 +55,22 @@ if we have a stack or plain mount - moun
#define MS_REC 0x4000 /* 16384: Recursive loopback */
#endif
#ifndef MS_VERBOSE
#define MS_VERBOSE 0x8000 /* 32768 */
#endif
+#ifndef MS_UNBINDABLE
+#define MS_UNBINDABLE (1<<17) /* 131072 unbindable*/
+#endif
+#ifndef MS_PRIVATE
+#define MS_PRIVATE (1<<18) /* 262144 Private*/
+#endif
+#ifndef MS_SLAVE
+#define MS_SLAVE (1<<19) /* 524288 Slave*/
+#endif
+#ifndef MS_SHARED
+#define MS_SHARED (1<<20) /* 1048576 Shared*/
+#endif
/*
* Magic mount flag number. Had to be or-ed to the flag values.
*/
#ifndef MS_MGC_VAL
#define MS_MGC_VAL 0xC0ED0000 /* magic flag number to indicate "new" flags */
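Review bot: The comments on the four new flags ("/* 131072 unbindable*/" and the three after it) do not follow the "value: description" form of the MS_REC line above and run straight into the closing "*/". Suggest the same layout as the neighbours, with a colon after the number and a space before "*/", and a description that says what the flag does to the mount rather than repeating its name.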
Index: util-linux-2.13-pre6/mount/mount.8
===================================================================
--- util-linux-2.13-pre6.orig/mount/mount.8
+++ util-linux-2.13-pre6/mount/mount.8
@@ -129,10 +129,45 @@ to another place. The call is
.RS
.br
.B "mount --move olddir newdir"
.RE
+Since Linux 2.6.15 it is possible to mark a mount and its submounts as shared,
+private, slave or unbindable. A shared mount provides ability to create mirrors
+of that mount such that mounts and umounts within any of the mirrors propagate
+to the other mirror. A slave mount receives propagation from its master, but
+any not vice-versa. A private mount carries no propagation abilities. A
+unbindable mount is a private mount which cannot cloned through a bind
+operation. Detailed semantics is documented in Documentation/sharedsubtree.txt
+file in the kernel source tree.
+.RS
+.br
+.B "mount --make-shared mountpoint"
+.br
+.B "mount --make-slave mountpoint"
+.br
+.B "mount --make-private mountpoint"
+.br
+.B "mount --make-unbindable mountpoint"
+.br
+.RE
+
+The following commands allows one to recursively change the type of all the
+mounts under a given mountpoint.
+.RS
+.br
+.B "mount --make-rshared mountpoint"
+.br
+.B "mount --make-rslave mountpoint"
+.br
+.B "mount --make-rprivate mountpoint"
+.br
+.B
+"mount --make-runbindable mountpoint"
+.br
+.RE
+
The
.I proc
file system is not associated with a special device, and when
mounting it, an arbitrary keyword, such as
.I proc
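Review bot: The added man page text has wording errors that should be fixed before it is merged: "but any not vice-versa" (drop "any"), "A unbindable mount" (An), "which cannot cloned" (cannot be cloned), and "The following commands allows" (allow). The last entry also puts .B on a line of its own where the other seven use the .B "..." form; make it consistent. Since parse_opts clears MS_BIND for these options, the text should also say that they take only a mountpoint and are not combined with --bind in one invocation.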
* Re: [Fwd: [PATCH 1/1] mount: shared-subtree support for mount]
2006-05-09 14:27 [Fwd: [PATCH 1/1] mount: shared-subtree support for mount] Janak Desai
@ 2006-05-12 12:36 ` Russell Coker
2006-05-12 13:00 ` Janak Desai
0 siblings, 1 reply; 4+ messages in thread
From: Russell Coker @ 2006-05-12 12:36 UTC (permalink / raw)
To: Janak Desai; +Cc: SE-Linux
On Wednesday 10 May 2006 00:27, Janak Desai <janak@us.ibm.com> wrote:
> As per Russell's request, I am posting this patch here as well, so
> broader selinux
> community can also play with the shared tree feature.
Thanks for that.
I just built mount with that patch and tried it out but it doesn't seem to
work. I run the following command from root login:
mount --make-private --bind /tmp/tmp.inst-user-user /tmp
Then when I inspect /tmp from other sessions it seems that the change is
global.
Does the rawhide kernel 2.6.16-1.2196_FC6 lack support for this or did I get
the command-line wrong?
Also from the documentation it seems that such a private mount does all we
need without any need to call unshare(). Is my understanding of this
correct?
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re: [Fwd: [PATCH 1/1] mount: shared-subtree support for mount]
2006-05-12 12:36 ` Russell Coker
@ 2006-05-12 13:00 ` Janak Desai
[not found] ` <1147454688.4961.28.camel@localhost>
0 siblings, 1 reply; 4+ messages in thread
From: Janak Desai @ 2006-05-12 13:00 UTC (permalink / raw)
To: russell; +Cc: SE-Linux, Ram Pai
I am copying Ram Pai on this since he created the patch.
Russell Coker wrote:
>On Wednesday 10 May 2006 00:27, Janak Desai <janak@us.ibm.com> wrote:
>
>
>>As per Russell's request, I am posting this patch here as well, so
>>broader selinux
>>community can also play with the shared tree feature.
>>
>>
>
>Thanks for that.
>
>I just built mount with that patch and tried it out but it doesn't seem to
>work. I run the following command from root login:
>mount --make-private --bind /tmp/tmp.inst-user-user /tmp
>
>Then when I inspect /tmp from other sessions it seems that the change is
>global.
>
>Does the rawhide kernel 2.6.16-1.2196_FC6 lack support for this or did I get
>the command-line wrong?
>
>
Shared subtree support went into main line from 2.6.15 so the rawhide kernel
should have support for this.
>Also from the documentation it seems that such a private mount does all we
>need without any need to call unshare(). Is my understanding of this
>correct?
>
>
Yes, that's correct. Shared sub-tree feature does not need unshare() system
call.
-Janak
* Re: [Fwd: [PATCH 1/1] mount: shared-subtree support for mount]
[not found] ` <1147454688.4961.28.camel@localhost>
@ 2006-05-12 22:30 ` Russell Coker
0 siblings, 0 replies; 4+ messages in thread
From: Russell Coker @ 2006-05-12 22:30 UTC (permalink / raw)
To: Ram Pai; +Cc: Janak Desai, SE-Linux
On Saturday 13 May 2006 03:24, Ram Pai <linuxram@us.ibm.com> wrote:
> > >I just built mount with that patch and tried it out but it doesn't seem
> > > to work. I run the following command from root login:
> > >mount --make-private --bind /tmp/tmp.inst-user-user /tmp
> > >
> > >Then when I inspect /tmp from other sessions it seems that the change is
> > >global.
> > >
> > >Does the rawhide kernel 2.6.16-1.2196_FC6 lack support for this or did I
> > > get the command-line wrong?
>
> What is being attempted to accomplish?
The attempt is to have a poly-instantiated version of /tmp where every user
sees a different version.
> Are you trying to bind /tmp/tmp.inst-user-user to /tmp
> as well as make both of them private?
I want to make the bind mount private and have everything else shared.
> I would make the bind call first and then
> in a separate command will make the mounts private.
That would not be viable for real use as it has a race condition.
mount --bind /tmp/tmp.inst-user-user /tmp
mount --make-private /tmp
I tried the above commands, but the result was the same. Even though mount
returned 0 as the exit code and displayed no error message the --make-private
command seemed to have no effect. The result was that /tmp was replaced for
everyone.
> But in any case I don't know what is being attempted to
> accomplish? Is /tmp/tmp.inst-user-user has a mount which is already
> shared?
/tmp/tmp.inst-user-user is a subdirectory of /tmp.
> --make-private makes the mount private. It does not mean the contents of
> the mounts at /tmp/tmp.inst-user-user and /tmp will be different. They
> will continue to be same.
What does making the mount private mean if it doesn't prevent it from being
seen by other sessions?
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
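Added example, not part of the thread or of the posted patch: the last message reports that mount returned 0 while --make-private seemed to have no effect, and one way to check which propagation type a mount really has is to read the optional fields of /proc/self/mountinfo. It assumes a kernel that provides that file (2.6.26 or later, newer than the 2.6.16 kernel in the thread); the name mount_propagation, the PROP_* constants and the sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Propagation bits; 0 (no optional tag) means the mount is private. */
enum { PROP_PRIVATE = 0, PROP_SHARED = 1, PROP_SLAVE = 2, PROP_UNBINDABLE = 4 };

/* Parse one mountinfo line: copy field 5 (the mount point) into mnt and
 * return PROP_* bits from the optional fields, or -1 if malformed. */
int mount_propagation(const char *line, char *mnt, size_t mntlen)
{
    int field = 0, prop = PROP_PRIVATE;
    const char *p = line;
    while (*p) {
        size_t n = strcspn(p, " \n");         /* length of this token */
        if (n && ++field == 5) {
            if (n >= mntlen) return -1;
            memcpy(mnt, p, n);
            mnt[n] = '\0';
        } else if (n && field > 6) {          /* optional fields, then "-" */
            if (n == 1 && *p == '-')
                return prop;
            if (n > 7 && memcmp(p, "shared:", 7) == 0)
                prop |= PROP_SHARED;
            else if (n > 7 && memcmp(p, "master:", 7) == 0)
                prop |= PROP_SLAVE;
            else if (n == 10 && memcmp(p, "unbindable", 10) == 0)
                prop |= PROP_UNBINDABLE;
        }
        p += n;
        if (*p) p++;                          /* step over the separator */
    }
    return -1;                                /* "-" separator never seen */
}

int main(void)
{
    /* Constructed sample lines in mountinfo format, not from a real host. */
    const char *sample[] = {
        "22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw",
        "41 22 8:1 /tmp/tmp.inst-user-user /tmp rw,relatime - ext4 /dev/sda1 rw",
        "57 22 0:40 / /mnt/view rw shared:7 master:1 - tmpfs tmpfs rw",
    };
    char mnt[256];
    for (size_t i = 0; i < sizeof(sample) / sizeof(sample[0]); i++) {
        int p = mount_propagation(sample[i], mnt, sizeof(mnt));
        if (p < 0) continue;
        printf("%-10s %s%s%s\n", mnt, p ? "" : "private",
               p & PROP_SHARED ? "shared " : "", p & PROP_SLAVE ? "slave" : "");
    }
    return 0;
}
```

The propagation type only governs whether later mounts and unmounts are mirrored to peer mounts; a bind over /tmp that is marked private is still visible to every process that shares the same mount namespace.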