From: David Howells <dhowells@redhat.com>
To: ebiederm@xmission.com (Eric W. Biederman)
Cc: dhowells@redhat.com, viro@zeniv.linux.org.uk,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [RFC][PATCH 00/14] VFS: Make all filesystems implement ->show_options()
Date: Fri, 07 Jul 2017 16:58:56 +0100 [thread overview]
Message-ID: <24033.1499443136@warthog.procyon.org.uk> (raw)
In-Reply-To: <87tw2qetbf.fsf@xmission.com>
Eric W. Biederman <ebiederm@xmission.com> wrote:
> > This makes it easier to implement a context-based mount where the options
> > are passed individually over a file descriptor. It also allows duplicate
> > options, options that override each other and ignored options to be
> > resolved rather than storing irrelevant data.
>
> This makes me a little nervous but is probably fine. But we do need
> to be careful with remount. Today the rule is all options that need
> to be preserved need to be passed to remount. Passing options in one by
> one looks like it may make it easy to get that confused while you are
> developing your patches.
Yeah. We actually currently get this *wrong* in both ext4 and btrfs - and
probably other disk filesystems too. During ext4 remount and btrfs remount,
the options are parsed directly into the live xxx_fs_info struct, but if
there's a parse error mid-way, we only partially apply the options and have no
idea where it went wrong and what the current state is.
What I'm looking it is breaking it down into a number of steps:
(1) Parse the options one at a time into a context struct.
(2) Once we've got all the options, validate the options we've been given
with respect to themselves.
(3) Under lock:
(a) Check the coherency of the options we've been given with respect to
the superblock (if new mount) or the current live state (if remount).
(b) Apply the options. This is not permitted to fail.
This gets more complicated under ext4 as you've got an extra option string
stored on disk that you also have to apply and combine with the options
presented to the mount interface.
> Options should be relative to the mount call. Which is almost always
> &init_user_ns and in the general case would be sb->s_user_ns.
I generally agree with this - my only doubt is that it might leak external
user/group IDs into a container. Not sure if that's really worth worrying
about, though.
'user' permitted mounts are handled in userspace by a SUID mount program,
right?
David
next prev parent reply other threads:[~2017-07-07 15:59 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-05 15:24 [RFC][PATCH 00/14] VFS: Make all filesystems implement ->show_options() David Howells
2017-07-05 15:24 ` [PATCH 01/14] VFS: Don't use save/replace_mount_options if not using generic_show_options David Howells
2017-07-05 15:30 ` Steven Rostedt
2017-07-05 15:33 ` David Howells
2017-07-05 18:54 ` Steven Rostedt
2017-07-05 18:50 ` Greg Kroah-Hartman
2017-07-10 16:15 ` David Sterba
2017-07-05 15:24 ` [PATCH 02/14] hugetlbfs: Implement show_options David Howells
2017-07-05 15:24 ` [PATCH 03/14] omfs: " David Howells
2017-07-07 18:28 ` Bob Copeland
2017-07-05 15:24 ` [PATCH 04/14] pstore: " David Howells
2017-07-05 17:10 ` Kees Cook
2017-07-07 16:00 ` David Howells
2017-07-05 15:24 ` [PATCH 05/14] ramfs: " David Howells
2017-07-05 15:24 ` [PATCH 06/14] bpf: " David Howells
2017-07-06 8:00 ` Daniel Borkmann
2017-07-05 15:24 ` [PATCH 07/14] spufs: " David Howells
2017-07-05 15:25 ` [PATCH 08/14] befs: " David Howells
2017-07-05 15:25 ` [PATCH 09/14] affs: " David Howells
2017-07-05 15:25 ` [PATCH 10/14] afs: " David Howells
2017-07-05 15:25 ` [PATCH 11/14] isofs: " David Howells
2017-07-11 15:22 ` [PATCH] isofs: Fix isofs_show_options() David Howells
2017-07-05 15:25 ` [PATCH 12/14] 9p: Implement show_options David Howells
2017-07-11 22:34 ` Yury Norov
2017-07-11 23:34 ` David Howells
2017-07-05 15:25 ` [PATCH 13/14] orangefs: " David Howells
2017-07-05 15:25 ` [PATCH 14/14] VFS: Kill off s_options and helpers David Howells
2017-07-05 16:34 ` [RFC][PATCH 00/14] VFS: Make all filesystems implement ->show_options() Eric W. Biederman
2017-07-07 15:58 ` David Howells [this message]
2017-07-08 15:33 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=24033.1499443136@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=ebiederm@xmission.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox