From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ram Pai
Subject: Re: [Devel] Re: [patch 05/10] add "permit user mounts in new namespace" clone flag
Date: Mon, 16 Apr 2007 02:49:01 -0700
Message-ID: <1176716941.9488.57.camel@ram.us.ibm.com>
References: <20070412164541.580374744@szeredi.hu> <20070412164620.588752236@szeredi.hu> <20070412203208.GG27772@sergelap.austin.ibm.com> <1176713221.9488.17.camel@ram.us.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Cc: devel@openvz.org, serue@us.ibm.com, linux-kernel@vger.kernel.org, containers@lists.osdl.org, viro@ftp.linux.org.uk, linux-fsdevel@vger.kernel.org, akpm@linux-foundation.org
To: Miklos Szeredi
Return-path:
Received: from e2.ny.us.ibm.com ([32.97.182.142]:35696 "EHLO e2.ny.us.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1030307AbXDPJuu (ORCPT ); Mon, 16 Apr 2007 05:50:50 -0400
In-Reply-To:
Sender: linux-fsdevel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Mon, 2007-04-16 at 11:32 +0200, Miklos Szeredi wrote:
> > > Given the existence of shared subtrees allowing/denying this at the
> > > mount
> > > namespace level is silly and wrong.
> > >
> > > If we need more than just the filesystem permission checks can we
> > > make it a mount flag settable with mount and remount that allows
> > > non-privileged users the ability to create mount points under it
> > > in directories they have full read/write access to.
> >
> > Also for bind-mount and remount operations the flag has to be propagated
> > down its propagation tree. Otherwise an unprivileged mount in a shared
> > mount won't get reflected in its peers and slaves, leading to unidentical
> > shared-subtrees.
>
> That's an interesting question. Do we want shared mounts to be
> totally identical, including mnt_flags? It doesn't look as if
> do_remount() guarantees that currently.

Depends on the semantics of each of the flags. Some flags, like the
read/write flag, would not interfere with the propagation semantics
AFAICT. But this one certainly seems to interfere.

RP

> Miklos