From: Seth Forshee <seth.forshee-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: Miklos Szeredi <miklos-sUDqSbJrdHQHWmgEVkV9KA@public.gmane.org>,
Linux Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>,
James Bottomley
<James.Bottomley-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org>,
linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Djalal Harouni <tixxdz-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Subject: Re: [PATCH review 02/13] mnt: Refactor fs_fully_visible into mount_too_revealing
Date: Wed, 22 Jun 2016 14:40:50 -0500
Message-ID: <20160622194050.GD125285@ubuntu-hedt>
In-Reply-To: <20160620172130.15712-2-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>

On Mon, Jun 20, 2016 at 12:21:19PM -0500, Eric W. Biederman wrote:
> Replace the call of fs_fully_visible in do_new_mount from before the
> new superblock is allocated with a call of mount_too_revealing after
> the superblock is allocated. This winds up being a much better location
> for maintainability of the code.
>
> The first change this enables is the replacement of FS_USERNS_VISIBLE
> with SB_I_USERNS_VISIBLE. Moving the flag from struct filesystem_type
> to sb_iflags on the superblock.
>
> Unfortunately mount_too_revealing fundamentally needs to touch
> mnt_flags adding several MNT_LOCKED_XXX flags at the appropriate
> times. If the mnt_flags did not need to be touched the code
> could be easily moved into the filesystem specific mount code.
>
> Signed-off-by: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>

Acked-by: Seth Forshee <seth.forshee-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>