From: Anders Blomdell <anders.blomdell@control.lth.se>
To: Alexander Viro <viro@zeniv.linux.org.uk>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: It would be preferable to do a mount --bind --make-private in one atomic action
Date: Wed, 23 Nov 2011 15:05:28 +0100
Message-ID: <4ECCFDA8.7090704@control.lth.se>
The rationale is the race problems I recently found with pam_namespace
(see https://bugzilla.redhat.com/show_bug.cgi?id=755216). The following
small script and its output show what pam_namespace essentially does,
and the problems that might occur; assume that /work is
automounted, then the following really confuses things:
(
  echo '# Empty work'
  findmnt | cut -c1-30 | grep work
  echo '# First primary mount on work'
  ls -ld /work/Fedora-16/.
  findmnt | cut -c1-30 | grep work
  unshare --mount -- /bin/sh -c "(
    mount --bind /work /work ;
    mount --make-private /work ;
    mount --bind /tmp /work ;
    echo '# Detached mount of work' ;
    findmnt | cut -c1-30 | grep work ;
    sleep 5 ;
    echo '# Before detached unmount of private work' ;
    findmnt | cut -c1-30 | grep work;
    umount /work ;
    echo '# Before detached unmount of bound work' ;
    findmnt | cut -c1-30 | grep work;
    echo '# Weird detached automount behaviour' ;
    ls -ld /work/Fedora-15/. ;
    umount /work ;
    echo '# Detached unmount') &"
  sleep 1
  echo '# Second primary mount on work'
  ls -ld /work/Fedora-15/.
  findmnt | cut -c1-30 | grep work
  echo '# First primary mount on work no longer accessible'
  ls -ld /work/Fedora-16/.
  sleep 10
  echo '# And the final remaining cruft'
  findmnt | cut -c1-30 | grep work
)
Which gives the following output (no wonder I had problems understanding
what went wrong with my machines :-():
# Empty work
├─/work
# First primary mount on work
drwxr-xr-x 4 root root 4096 Nov 23 09:37 /work/Fedora-16/.
├─/work
│ └─/work/Fedora-16
# Detached mount of work
├─/work
│ ├─/work/Fedora-16
│ └─/work
│ └─/work
# Second primary mount on work
drwxr-xr-x 4 root root 4096 Nov 23 09:36 /work/Fedora-15/.
├─/work
│ ├─/work/Fedora-16
│ ├─/work
│ │ └─/work/Fedora-15
│ └─/work/Fedora-15
# First primary mount on work no longer accessible
ls: cannot access /work/Fedora-16/.: Too many levels of symbolic links
# Before detached unmount of private work
├─/work
│ ├─/work/Fedora-16
│ ├─/work
│ │ └─/work
│ └─/work/Fedora-15
# Before detached unmount of bound work
├─/work
│ ├─/work/Fedora-16
│ ├─/work
│ └─/work/Fedora-15
# Weird detached automount behaviour
ls: cannot access /work/Fedora-15/.: Too many levels of symbolic links
# Detached unmount
# And the final remaining cruft
├─/work
│ ├─/work/Fedora-16
│ ├─/work
│ │ └─/work/Fedora-15
│ └─/work/Fedora-15
--
Anders Blomdell Email: anders.blomdell@control.lth.se
Department of Automatic Control
Lund University Phone: +46 46 222 4625
P.O. Box 118 Fax: +46 46 138118
SE-221 00 Lund, Sweden
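
Added example, not part of the original message: a small checker that reads /proc/self/mountinfo text and reports the propagation state of every mount stacked on a path, so the state between the script's "mount --bind" and "mount --make-private" steps can be inspected. The sample mountinfo lines, mount IDs, peer-group numbers and the function names propagation_at and still_shared are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: mountinfo as it could look inside the unshared
# namespace after "mount --bind /work /work" and before
# "mount --make-private /work". IDs and peer groups are made up.
SAMPLE_MOUNTINFO='21 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
40 21 0:35 / /work rw,relatime shared:20 - autofs /etc/auto.work rw,fd=7
55 40 0:35 / /work rw,relatime shared:20 - autofs /etc/auto.work rw,fd=7
60 21 0:40 / /mnt/ro ro,relatime master:3 - ext4 /dev/sdb1 ro
61 21 0:41 / /scratch rw,relatime - tmpfs tmpfs rw'

# propagation_at MOUNTINFO_TEXT MOUNTPOINT
# Prints "<mount-id> <state>" for every mount stacked on MOUNTPOINT.
# Live use: propagation_at "$(cat /proc/self/mountinfo)" /work
propagation_at() {
    printf '%s\n' "$1" | awk -v mp="$2" '
        $5 == mp {
            shared = 0; slave = 0; unbind = 0
            # Optional fields start at column 7 and end at the lone "-".
            for (i = 7; i <= NF && $i != "-"; i++) {
                if ($i ~ /^shared:/) shared = 1
                else if ($i ~ /^master:/) slave = 1
                else if ($i == "unbindable") unbind = 1
            }
            state = "private"
            if (shared && slave) state = "shared,slave"
            else if (shared) state = "shared"
            else if (slave) state = "slave"
            else if (unbind) state = "unbindable"
            print $1, state
        }'
}

# still_shared MOUNTINFO_TEXT MOUNTPOINT
# Exit status 0 if any mount on MOUNTPOINT is in a shared peer group,
# meaning mount and umount events there still propagate to its peers.
still_shared() {
    propagation_at "$1" "$2" | grep -q ' shared'
}
```
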