From mboxrd@z Thu Jan 1 00:00:00 1970 From: Neil Brown Subject: Re: [RFC 0/28] Patches to pass vfsmount to LSM inode security hooks Date: Tue, 6 Feb 2007 21:26:14 +1100 Message-ID: <17864.22470.113271.293084@notabene.brown> References: <20070205182213.12164.40927.sendpatchset@ermintrude.int.wirex.com> <1170701906.5934.41.camel@lade.trondhjem.org> <20070205190230.GA23104@infradead.org> <200702051920.36057.agruen@suse.de> <20070206094709.GB5328@infradead.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: Andreas Gruenbacher , Trond Myklebust , Tony Jones , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, chrisw@sous-sol.org, linux-security-module@vger.kernel.org, viro@zeniv.linux.org.uk To: Christoph Hellwig Return-path: In-Reply-To: message from Christoph Hellwig on Tuesday February 6 Sender: linux-kernel-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org On Tuesday February 6, hch@infradead.org wrote: > On Mon, Feb 05, 2007 at 07:20:35PM -0800, Andreas Gruenbacher wrote: > > It's actually not hard to "fix", and nfsd would look a little less weird. But > > what would this add, what do pathnames mean in the context of nfsd, and would > > nfsd actually become less weird? > > It's not actually a pathname we care about, but a vfsmount + dentry > combo. That one means as much in nfsd as elsewhere. We want nfsd > to obey r/o or noatime mount flags if /export/foo is exported with them > but /foo not. Even better would be to change nfsd so it creates it's > own non-visible vfsmount for the filesystems it exports.. What would be the benefit of having private non-visible vfsmounts? Sounds like a recipe for confusion? It is possible that mountd might start doing bind-mounts to create the 'pseudo filesystem' thing for NFSv4, but they would be very visible (under /var/lib/nfs/v4root or something). So having it's own vfsmount might make sense, but I don't get 'non-visible'. NeilBrown