From: Marc MERLIN <marc@merlins.org>
To: Brendan Hide <brendan@swiftspirit.co.za>
Cc: linux-btrfs@vger.kernel.org
Subject: Re: Using mount -o bind vs mount -o subvol=vol
Date: Sun, 4 May 2014 17:56:44 -0700 [thread overview]
Message-ID: <20140505005644.GB10159@merlins.org> (raw)
In-Reply-To: <5365E74B.6020805@swiftspirit.co.za>
On Sun, May 04, 2014 at 09:07:55AM +0200, Brendan Hide wrote:
> On 2014/05/04 02:47 AM, Marc MERLIN wrote:
> >Is there any functional difference between
> >
> >mount -o subvol=usr /dev/sda1 /usr
> >and
> >mount /dev/sda1 /mnt/btrfs_pool
> >mount -o bind /mnt/btrfs_pool/usr /usr
> >
> >?
> >
> >Thanks,
> >Marc
> There are two "issues" with this.
> 1) There will be a *very* small performance penalty (negligible, really)
Oh, really, it's slower to mount the device directly? Not that I really
care, but that's unexpected.
> 2) Old snapshots and other supposedly-hidden subvolumes will be
> accessible under /mnt/btrfs_pool. This is a minor security concern
> (which of course may not concern you, depending on your use-case).
> There are a few similar minor security concerns - the
> recently-highlighted issue with old snapshots is the potential that
> old vulnerable binaries within a snapshot are still accessible
> and/or executable.
That's a fair point. I can of course make that mountpoint 0700, but it's
a valid concern in some cases (not for me though).
So thanks for confirming my understanding, it sounds like both are valid
and if you're already mounting the main pool like I am, that's the
easiest way.
Thanks,
Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | PGP 1024R/763BE901
next prev parent reply other threads:[~2014-05-05 1:47 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-04 0:47 Using mount -o bind vs mount -o subvol=vol Marc MERLIN
2014-05-04 7:07 ` Brendan Hide
2014-05-05 0:56 ` Marc MERLIN [this message]
2014-05-05 4:13 ` Brendan Hide
2014-05-05 4:36 ` Roman Mamedov
2014-05-05 6:55 ` Brendan Hide
2014-05-06 17:34 ` Duncan
2014-05-05 5:22 ` Marc MERLIN
2014-05-05 2:12 ` Duncan
2014-05-07 10:55 ` Marc MERLIN
2014-05-07 12:31 ` Duncan
2014-05-05 13:54 ` Chris Mason
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140505005644.GB10159@merlins.org \
--to=marc@merlins.org \
--cc=brendan@swiftspirit.co.za \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).