Re: [patch 01/26] mount options: add documentation
On Wed, Jan 30, 2008 at 10:09:03AM +0100, Miklos Szeredi wrote: - loop: how is the connection between file and loop device maintained? We also discussed this with Karel, maybe it didn't make it onto lkml. The proposed solution was to store the loop flag separately in a file under /var. It could just be an empty file for each such loop device: /var/lib/mount/loops/loop0 This file is created by mount(8) if the '-oloop' option is given. And umount(8) automatically tears down the loop device if it finds this file. It seems we needn't this solution. There is loop auto-destruction patch in -mm. Kernel part: http://marc.info/?l=linux-kernelm=119361296818388w=2 mount(8) part: http://marc.info/?l=util-linux-ngm=119362955431694w=2 So, with this patch mount(8) needn't to maintain info about loops and umount(8) doesn't need to call LOOP_CLR_FD ioctl, because umount(2) is enough. Karel -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [patch] VFS: extend /proc/mounts
On Thu, Jan 17, 2008 at 09:36:11AM +0100, Miklos Szeredi wrote: I'd suggest doing a new file that would *not* try to imitate /etc/mtab. Another thing is, how much of propagation information do we want to be exposed and what do we intend to do with it? I think the scheme devised by Ram is basically right. It shows the relationships (slave, peer) and the ID of a master/peer mount. Yes. It also shows the full relationship between source and destination for bind mounts. Now the /proc/mounts is useless: # mount --bind /mnt/test /mnt/test2 # cat /proc/mounts | grep test /dev/root /mnt/test2 ext3 rw,noatime,data=ordered 0 0 What do we want to *do* with the information about propagation? Just feedback about the state of the thing. It's very annoying, that after setting up propagation, it's impossible to check the result. Exactly. Karel -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[ANNOUNCE] util-linux-ng 2.13.1 (stable)
Util-linux-ng 2.13.1 Release Notes == Fixed security issues: - CVE-2007-5191 - mount(8) doesn't drop privileges properly when calling helpers Changelog: - For more details see ChangeLog files at: ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng/v2.13/ blockdev: - add --getsz to blockdev.8 [Karel Zak] - add missing description about option --report in manpage [Li Zefan] build-sys: - fix localedir (unsupported by autoconf 2.60) [Karel Zak] - nls/locale handling in util-linux-ng general [Mike Frysinger] - release++ [Karel Zak] - release++ (-rc2) [Karel Zak] - remove files that are no longer delivered from git [LaMont Jones] - remove hardcoded _GNU_SOURCE [Karel Zak] cal: - add description about option -V to manpage [Li Zefan] chfn: - add pam_end() call and cleanup PAM code [Karel Zak] chsh: - should use pam_end function to terminate the PAM transaction [Yu Zhiguo, Karel Zak] docs: - add info about .bugfix releases and branches [Karel Zak] - add note about incorrect tag 2.13.1 [Karel Zak] - add v2.13.1 ReleaseNotes [Karel Zak] - fix ChangeLog URL [Pascal Terjan] - fix stable branche name in README.devel [Karel Zak] - update AUTHORS file [Karel Zak] - update AUTHORS file, add all translators [Karel Zak] - update ReleaseNotes [Karel Zak] fdisk: - fix typo [Karel Zak] flock: - typo in man page [A. Costa] getopt: - fix path to examples in getopt.1 [Karel Zak] hwclock: - check for ENODEV [David Woodhouse] - fix --rtc option [Matthias Koenig, Karel Zak] ionice: - add a note about permissions to ionice.1 [Karel Zak] login: - login segfaults on EOF (rh#298461) [Karel Zak] losetup: - fix errno usage [Karel Zak] mkswap: - possible to crash with SELinux relabeling support [KaiGai Kohei] mount: - -L|-U segfault when label or uuid doesn't exist [Karel Zak] - chain of symlinks to fstab causes use of pointer after free [Norbert Buchmuller] - doesn't drop privileges properly when calling helpers [Ludwig Nussel] - don't call canonicalize(SPEC) for cifs, smbfs and nfs [Karel Zak] - fix fd leak [Matthias Koenig] - improve error message when helper program not present [LaMont Jones] pg: - fix segfault on search [Rajeev V. Pillai] po: - add eu.po (from translationproject.org) [Mikel Olasagasti] - add pl.po (from translationproject.org) [Andrzej Krzysztofowicz] - fix typo in de.po [Karel Zak] - merge files [Karel Zak] - update ca.po (from translationproject.org) [Josep Puigdemont] - update cs.po (from translationproject.org) [Petr Pisar] - update da.po (from translationproject.org) [Claus Hindsgaul] - update de.po (from translationproject.org) [Michael Piefel] - update es.po (from translationproject.org) [Santiago Vila Doncel] - update et.po (from translationproject.org) [Meelis Roos] - update eu.po (from translationproject.org) [Mikel Olasagasti] - update fi.po (from translationproject.org) [Lauri Nurmi] - update fr.po (from translationproject.org) [Michel Robitaille] - update hu.po (from translationproject.org) [Gabor Kelemen] - update id.po (from translationproject.org) [Arif E. Nugroho] - update it.po (from translationproject.org) [Marco Colombo] - update ja.po (from translationproject.org) [Daisuke Yamashita] - update nl.po (from translationproject.org) [Benno Schulenberg] - update pl.po (from translationproject.org) [Andrzej Krzysztofowicz] - update po files [Karel Zak] - update pt_BR.po (from translationproject.org) [Rodrigo Stulzer Lopes] - update ru.po (from translationproject.org) [Pavel Maryanov] - update sl.po (from translationproject.org) [Simon Mihevc] - update sv.po (from translationproject.org) [Daniel Nylander] - update tr.po (from translationproject.org) [Nilgün Belma Bugüner] - update uk.po (from translationproject.org) [Maxim V. Dziumanenko] - update vi.po (from translationproject.org) [Clytie Siddall] rename: - add description about option -V to manpage [Li Zefan] - remove useless variable [Li Zefan] script: - dies on SIGWINCH [Karel Zak] setarch: - adding groff symlinks to setarch manual page [Arkadiusz Miskiewicz] - fix compiler warning [LaMont Jones] - generate groff links in a better way [Karel Zak] sfdisk: - allow partitioning drives of over 2^31 sectors. [Kunihiko IMAI] sys-utils: - correct setarch.8 manpage link creation [Frédéric Bothamy] tests: - fix blkid cache usage [Karel Zak] AUTHORS| 46 +- NEWS | 25 +- README |3 +- README.devel | 14 +- config/include-Makefile.am |1 + configure.ac |3 +- disk-utils/blockdev.8 | 17 +- disk-utils/fsck.cramfs.c |1 - disk-utils/mkfs.cramfs.c |2 +- disk-utils
Re: [patch] VFS: extend /proc/mounts
On Wed, Jan 16, 2008 at 02:30:51PM -0800, Andrew Morton wrote: On Wed, 16 Jan 2008 23:12:31 +0100 Miklos Szeredi [EMAIL PROTECTED] wrote: In theory it could break userspace, but I think it's very unlikely to do so, because stuff is added only at the end of the lines, and because most programs probably parse it through the libc interface which is not broken by this change. Despite this, it should be tested on as many systems as possible. Seems like a plain bad idea to me. There will be any number of home-made /proc/mounts parsers and we don't know what they do. So, let's use /proc/mounts_v2 ;-) Karel -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [patch 6/9] unprivileged mounts: allow unprivileged mounts
On Tue, Jan 08, 2008 at 12:35:08PM +0100, Miklos Szeredi wrote: Define a new fs flag FS_SAFE, which denotes, that unprivileged mounting of this filesystem may not constitute a security problem. Since most filesystems haven't been designed with unprivileged mounting in mind, a thorough audit is needed before setting this flag. For safe filesystems also allow unprivileged forced unmounting. What about to list safe filesystems anywhere in /proc/fs/ ? I think it's very important information for admins. Note, your patch for mount(8) is always trying to use unprivileged mount(2) for non-root users. It's overkill when unprivileged mounts are supported for bind mounts and fuse only. It would be nice to check if FS is safe before switch to unprivileged mode. The safe definition is also very subjective and it depends on your level of paranoia. There should be a way (e.g. /proc) how control and modify the list of safe filesystems. For example I have no problem to mark cifs as safe for my home server. Karel -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [patch 5/9] unprivileged mounts: allow unprivileged bind mounts
On Wed, Jan 09, 2008 at 01:45:09PM +0100, Jan Engelhardt wrote: On Jan 8 2008 20:08, Miklos Szeredi wrote: On Tue, 2008-01-08 at 12:35 +0100, Miklos Szeredi wrote: +static int reserve_user_mount(void) +{ + int err = 0; + + spin_lock(vfsmount_lock); + if (nr_user_mounts = max_user_mounts !capable(CAP_SYS_ADMIN)) + err = -EPERM; + else + nr_user_mounts++; + spin_unlock(vfsmount_lock); + return err; +} Would -ENOSPC or -ENOMEM be a more descriptive error here? The logic behind EPERM, is that this failure is only for unprivileged callers. ENOMEM is too specifically about OOM. It could be changed to ENOSPC, ENFILE, EMFILE, or it could remain EPERM. What do others think? ENOSPC: No space remaining on device = 'wth'. ENOMEM: I usually think of a userspace OOM (e.g. malloc'ed out all of your 32-bit address space on 32-bit processes) EMFILE: Too many open files ENFILE: Too many open files in system. ENFILE seems like a temporary winner among these four. I see EMFILE, it's still supported by the latest mount(8). Back in the old days, when the number of mounts was limited in Linux, what error value did it return? That one could be used. Copy past from mount-0.99.2: /* Mount failed, complain, but don't die. */ switch (mnt_err) { case EPERM: if (geteuid() == 0) error (mount: mount point %s is not a directory, node); else error (mount: must be superuser to use mount); break; case EBUSY: error (mount: wrong fs type, %s already mounted, %s busy, or other error, spec, node); break; case ENOENT: error (mount: mount point %s does not exist, node); break; case ENOTDIR: error (mount: mount point %s is not a directory, node); break; case EINVAL: error (mount: %s not a mount point, spec); break; case EMFILE: error (mount table full); break; case EIO: error (mount: %s: can't read superblock, spec); break; case ENODEV: error (mount: fs type %s not supported by kernel, type); break; case ENOTBLK: error (mount: %s is not a block device, spec); break; case ENXIO: error (mount: %s is not a valid block device, spec); break; case EACCES: error (mount: block device %s is not permitted on its filesystem, spec); break; default: error (mount: %s, strerror (mnt_err)); break; } Karel -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[ANNOUNCE] util-linux-ng 2.13.1-rc2
The second util-linux-ng 2.13.1 release candidate is available at ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng/ (Note, 2.13.1 is stable maintenance release.) Feedback and bug reports, as always, are welcomed. Karel v2.13.1-rc2 Changelog: -- blockdev: - add --getsz to blockdev.8 [Karel Zak] build-sys: - release++ (-rc2) [Karel Zak] - remove hardcoded _GNU_SOURCE [Karel Zak] docs: - add note about incorrect tag 2.13.1 [Karel Zak] - update AUTHORS file, add all translators [Karel Zak] - update ReleaseNotes [Karel Zak] getopt: - fix path to examples in getopt.1 [Karel Zak] hwclock: - check for ENODEV [David Woodhouse] mount: - don't call canonicalize(SPEC) for cifs, smbfs and nfs [Karel Zak] - fix fd leak [Matthias Koenig] po: - add eu.po (from translationproject.org) [Mikel Olasagasti] - add pl.po (from translationproject.org) [Andrzej Krzysztofowicz] - update ca.po (from translationproject.org) [Josep Puigdemont] - update cs.po (from translationproject.org) [Petr Pisar] - update da.po (from translationproject.org) [Claus Hindsgaul] - update de.po (from translationproject.org) [Michael Piefel] - update es.po (from translationproject.org) [Santiago Vila Doncel] - update et.po (from translationproject.org) [Meelis Roos] - update fi.po (from translationproject.org) [Lauri Nurmi] - update fr.po (from translationproject.org) [Michel Robitaille] - update hu.po (from translationproject.org) [Gabor Kelemen] - update id.po (from translationproject.org) [Arif E. Nugroho] - update it.po (from translationproject.org) [Marco Colombo] - update ja.po (from translationproject.org) [Daisuke Yamashita] - update nl.po (from translationproject.org) [Benno Schulenberg] - update po files [Karel Zak] - update pt_BR.po (from translationproject.org) [Rodrigo Stulzer Lopes] - update ru.po (from translationproject.org) [Pavel Maryanov] - update sl.po (from translationproject.org) [Simon Mihevc] - update sv.po (from translationproject.org) [Daniel Nylander] - update tr.po (from translationproject.org) [Nilgün Belma Bugüner] - update uk.po (from translationproject.org) [Maxim V. Dziumanenko] - update vi.po (from translationproject.org) [Clytie Siddall] sfdisk: - allow partitioning drives of over 2^31 sectors. [Kunihiko IMAI] v2.13.1-rc2 diffstat: - AUTHORS | 38 +- NEWS |5 + README.devel |4 + configure.ac |2 +- disk-utils/blockdev.8 |9 +- disk-utils/fsck.cramfs.c |1 - docs/v2.13.1-ReleaseNotes | 36 +- fdisk/sfdisk.c|3 +- getopt/getopt.1 |5 +- hwclock/rtc.c |2 +- mount/lomount.c |1 + mount/mount.c | 21 +- po/ca.po | 258 +- po/cs.po | 324 +- po/da.po | 256 +- po/de.po | 540 ++-- po/es.po | 275 +- po/et.po | 441 +-- po/eu.po | 9466 po/fi.po | 240 +- po/fr.po | 281 +- po/hu.po | 1735 + po/id.po | 291 +- po/it.po | 306 +- po/ja.po | 501 +-- po/nl.po | 328 +- po/pl.po | 9467 + po/pt_BR.po | 708 ++-- po/ru.po | 280 +- po/sl.po | 260 +- po/sv.po | 291 +- po/tr.po | 286 +- po/uk.po | 274 +- po/util-linux-ng.pot | 240 +- po/vi.po | 310 +- schedutils/chrt.c |2 - schedutils/taskset.c |2 - sys-utils/setarch.c |4 - 38 files changed, 23079 insertions(+), 4414 deletions(-) -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[ANNOUNCE] util-linux-ng 2.13.1-rc1
The first util-linux-ng 2.13.1 release candidate is available at ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng/ (Note, 2.13.1 is stable maintenance release.) Feedback and bug reports, as always, are welcomed. Karel Util-linux-ng 2.13.1 Release Notes == Fixed security issues: - CVE-2007-5191 - mount(8) doesn't drop privileges properly when calling helpers Changelog: - For more details see ChangeLog files at: ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng/v2.13/ blockdev: - add missing description about option --report in manpage [Li Zefan] build-sys: - fix localedir (unsupported by autoconf 2.60) [Karel Zak] - nls/locale handling in util-linux-ng general [Mike Frysinger] - remove files that are no longer delivered from git [LaMont Jones] cal: - add description about option -V to manpage [Li Zefan] chfn: - add pam_end() call and cleanup PAM code [Karel Zak] chsh: - should use pam_end function to terminate the PAM transaction [Yu Zhiguo, Karel Zak] docs: - add info about .bugfix releases and branches [Karel Zak] - fix ChangeLog URL [Pascal Terjan] - fix stable branche name in README.devel [Karel Zak] - update AUTHORS file [Karel Zak] fdisk: - fix typo [Karel Zak] flock: - typo in man page [A. Costa] hwclock: - fix --rtc option [Matthias Koenig, Karel Zak] ionice: - add a note about permissions to ionice.1 [Karel Zak] login: - login segfaults on EOF (rh#298461) [Karel Zak] losetup: - fix errno usage [Karel Zak] mkswap: - possible to crash with SELinux relabeling support [KaiGai Kohei] mount: - -L|-U segfault when label or uuid doesn't exist [Karel Zak] - chain of symlinks to fstab causes use of pointer after free [Norbert Buchmuller] - doesn't drop privileges properly when calling helpers [Ludwig Nussel] - improve error message when helper program not present [LaMont Jones] pg: - fix segfault on search [Rajeev V. Pillai] po: - fix typo in de.po [Karel Zak] - update de.po (from translationproject.org) [Michael Piefel] - update fi.po (from translationproject.org) [Lauri Nurmi] - update hu.po (from translationproject.org) [Gabor Kelemen] - update nl.po (from translationproject.org) [Benno Schulenberg] - update po files [Karel Zak] - update sv.po (from translationproject.org) [Daniel Nylander] rename: - add description about option -V to manpage [Li Zefan] - remove useless variable [Li Zefan] script: - dies on SIGWINCH [Karel Zak] setarch: - adding groff symlinks to setarch manual page [Arkadiusz Miskiewicz] - fix compiler warning [LaMont Jones] - generate groff links in a better way [Karel Zak] tests: - fix blkid cache usage [Karel Zak] -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[ANNOUNCE] util-linux-ng 2.13.0.1
The stable util-linux-ng 2.13.0.1 release is available at ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng/ Release Notes = Fixed security issue: CVE-2007-5191 - mount: doesn't drop privileges properly when calling helpers Changelog: - For more details see ChangeLog files at: ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng/v2.13/ docs: - add info about .bugfix releases and branches [Karel Zak] mount: - doesn't drop privileges properly when calling helpers [Ludwig Nussel] -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[ANNOUNCE] util-linux-ng 2.13 (stable)
The stable util-linux-ng 2.13 release is available at: ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng/ A few numbers: - 8 months (grr...) - 368 patches (wow...) - 35 contributors (thanks...!) Feedback and bug reports, as always, are welcomed. Karel Util-linux-ng 2.13 Release Notes (28-Aug-2007) === Release highlights: -- mount(8) doesn't include NFS client code anymore. Don't forget to install nfs-utils 1.1.0 or newer with /sbin/[u]mount.{nfs,nfs4}. mount(8) doesn't include filesystem detection code anymore. You have to compile --with-fsprobe={blkid,volume_id}, and libblkid (e2fsprogs) or libvolume_id (udev = v110) is required. mount(8) supports new relatime, context, fscontext, and defcontext mount options. losetup(8) supports command line option -a to list all used loop devices, '-s' to print a device name if -f and a file argument are present, and -r to create a read-only loop device. fdisk(8) Sun label support has been improved. fdisk(8) is also able to warn about detected GPT (fdisk doesn't support GPT). taskset(1) is independent on hardcoded NR_CPUS. chrt(1) supports SCHED_BATCH scheduling policy. The package build system is now based on autotools. The build system supports separate CFLAGS and LDFLAGS for suid programs (SUID_CFLAGS, SUID_LDFLAGS). For more details see the README file hwclock(8) supports command line option --rtc=path and /dev/rtc0 device. --systohc functionality has been improved, and it doesn't cause a 500ms inaccuracy each time it is used. Audit system support (--with-audit) has been added to hwclock(8) and login(1). SELinux support (--with-selinux) has been added to mkswap(8) and mount(8). setarch(8) upstream has been merged with util-linux-ng. rtcwake(8) command has been added to util-linux-ng. arch(1) is deprecated in favor of uname -m or arch(1) from coreutils (= 6.9+). The util-linux-ng package doesn't build arch by default, you have to use the option --enable-arch. Fixed security issues: - CVE-2007-0822 - mount(8) allows local users to trigger a NULL dereference and an application crash CVE-2006-7108 - login(1) omits PAM account validation when auth is skipped Changelog: - For more details see ChangeLog files at: ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng/v2.13/ agetty: - 8 bit characters on the Linux console lead to input corruption [Samuel Thibault] - add 'O' escape code to display domain name [Karel Zak] - check gethostname() return value [Karel Zak] - fix short malloc in initstring handling [LaMont Jones] blockdev: - add BLKFRAGET/BLKFRASET ioctls [Karel Zak] - cleanup usage() and update man page [Karel Zak] - fix blockdev --getsz for large devices [Karel Zak] - use LU and LLU for BLKGETSIZE and BLKGETSIZE64 [Karel Zak] build-sys: - add ${AC,AP,AM,AH}_OPTS to autogen.sh [Karel Zak] - add AC_GNU_SOURCE [Karel Zak] - add Automake option dist-bzip2 [Stepan Kasal] - add --disable-makeinstall-chown [Karel Zak] - add missing files [Karel Zak] - add SUID_CFLAGS [Karel Zak] - add SUID_LDFLAGS [Stepan Kasal] - add support for audit [Karel Zak] - add warning when libuuid is not found [Karel Zak] - amend .gitignore [Stepan Kasal] - call automake after autoconf [Stepan Kasal] - cleanup architecture conditionals [Karel Zak] - cleanup sys-utils/ rdev symlinks [Karel Zak] - configure.am selinux support cleanup [Karel Zak] - declare SUID_CFLAGS and SUID_LDFLAGS as precious [Stepan Kasal] - do not build convenience libraries in lib/ [Stepan Kasal] - do not kick off AM_CFLAGS by SUID_CFLAGS [Stepan Kasal] - do not play with DEFS, use AM_CPPFLAGS [Stepan Kasal] - do not set with_foo twice [Stepan Kasal] - do not use internal Autoconf variables [Stepan Kasal] - do not use wildcards in EXTRA_DIST [Stepan Kasal] - factor out common parts from mount/Makefile.am [Stepan Kasal] - fix directories in EXTRA_DIST [Karel Zak] - fix HAVE_NCURSES [Karel Zak] - fix ifdef ENABLE_WIDECHAR usage [Karel Zak] - fix linking when ncurses is built with --with-termlib=tinfo [Arkadiusz Miskiewicz] - fix README filenames and add missing files to EXTRA_DISTs [Karel Zak] - fix the example configure call in README [Stepan Kasal] - fix the final message of autogen.sh [Stepan Kasal] - in configure.ac, change po - $srcdir/po [Stepan Kasal] - in the clean targets use find ... | xargs rm -f [Stepan Kasal] - let configure instantiate the misc-utils/*.pl scripts [Stepan Kasal] - make the getopt example directory relative to datadir [Stepan Kasal] - merge adjacent AC_CONFIG_HEADERS and AC_CONFIG_FUNCS calls [Stepan Kasal] - minor fixes in configure.in [Karel Zak] - missing header when NLS is disabled [Gabriel Barazer] - mount
Re: request for patches: showing mount options
On Tue, Jul 31, 2007 at 10:19:57AM -0400, Chuck Lever wrote: The removal of /etc/mtab in favor of /proc/mounts is a new requirement, and is not as trivial as you might hope. Internally the NFS client represents the mount options as a binary data structure, and it contains only the information that has traditionally been passed into the kernel by the current mount command. The user-space-only options are not passed to the kernel nor stored in the data structure. Adding facilities to store information about every possible mount option, including the user-space-only ones, will take a bit of time, but is possible, if not straightforward. We just have to understand all the dependencies. I still have doubts. The removal of /etc/mtab is nice, but a little unreal wish. Do we really want to store non-kernel data (options) in kernel? What about options that are not closely related to any filesystem -- for example loop=? Maybe we can replace /etc/mtab with something more useful (e.g. /var/run/mount/mntid.tab) for really user-space-only information. It doesn't mean that Miklos's audit of all filesystems and request for patches is bad thing. The /proc/mounts has to provide complete information at least about kernel mount options. Karel -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [ANNOUNCE] util-linux-ng 2.13-rc1
On Thu, Jul 05, 2007 at 12:41:59PM -0400, Mike Frysinger wrote: On Wednesday 04 July 2007, Christoph Hellwig wrote: On Wed, Jul 04, 2007 at 12:11:56AM +0200, Karel Zak wrote: mount(8) doesn't include filesystem detection code anymore. You have to compile --with-fsprobe={blkid,volume_id}, and libblkid (e2fsprogs) or libvolume_id (udev = v110) is required. Sorry, but it's really annoying to pull in a filesystem-specific devel package for that. Having a library is fine, but please move the library into util-linux so it's always available without another dependency. ugh, moving libraries which are already actively maintained by other core projects into util-linux is so not a good idea (ignoring the fact that it'd easily be a pita/waste for distro maintainers) Yes. We have good experience with libblkid and libvolume_id. This concept is nothing new (see current RHEL, FC, Suse, ...). The change is that we've removed old, useless and unmaintained FS detection code from util-linux. I think move the library to util-linux is really bad idea. A better idea is detach libblkid or libvolume_id (or both) from e2fsprogs/udev and create an independent libfsprobe library and use everywhere (e2fsprogs, udev, util-linux) this library only. The package build system is now based on autotools. The build system supports separate CFLAGS and LDFLAGS for suid programs (SUID_CFLAGS, SUID_LDFLAGS). For more details see the README file And this is really dumb. autotools is a completely pain in the ass and Well, Adrian Bunk added autotools stuff to util-linux during his work on v2.13. This stuff has been fixed and stabilized in util-linux-ng v2.13. I'm not fanatical autotools protagonist, but it seems useful in util-linux. We will see... I'm ready to change or fix arbitrary thing in util-linux-ng, but I always need a real reason -- bug report, new feature, or so. This discussion is about impressions and feelings only. not useful at all for linux-only tools. incorrect. linux changes over time as does the kernel/libc/architecture api's. look at the old util-linux build system -- it had a crappy hand written configure script to try and detect all these different issues. Right. The autotools provides more features that portability only. Karel -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[ANNOUNCE] util-linux-ng 2.13-rc1
relative atime support remove all NFS code remove nfsmount() from sundries.h rewrite getfs_by_specdir() without mem leaks shared-subtree support update mtab correctly when mount --move use encoded labels for volume_id use growable string for options use loop= option when mounting by /sbin/mount.type use realloc for xstrconcat functions use verbose mode instead debug mode namei: fix logic and infinite loop of symlinks new regression test newgrp: add support for /etc/gshadow check result from getgrnam() more carefully partx: add man pages for addpart, delpart and partx po: rename mount/mntent.c to mount/mount_mntent.c typo in french translation of mount error. update po files vipw doesn't use rpmatch, all translations have to use y/n raw: add file with udev rule example don't accept raw0 as a target name move the raw command to /sbin update man page (about dd and O_DIRECT) schedutils: add support for SCHED_BATCH define SCHED_BATCH when compile with old glibc remove extra hyptens from man pages taskset is independent of hardcoded NR_CPUS max fix ionice build on sparc setarch: add NLS support sfdisk: fix differ in signedness compiler warnings fix may be used uninitialized compiler warnings setting default geometry values swapon: cleanup PATH_ macros and tailing white-spaces does not correctly deal with symlinks fix swapon headers and syscalls simplify an #if sys-utils: added setarch command add note about obsolete ramsize option to rdev.8 fix man page headers move some man pages from category 8 to 1 tests: add basic infrastructure for regression tests add cal -1 test add cal -3 test add cal -y test add expected outputs for cramfs add functions for label, uuid and fstype detection add hwclock systohc test add library for LD_PRELOAD to manipulate with time() in tests add lock_mtab() performance and reliability test add look test for words with separator add missing header add mkfs.cramfs tests add more variants to {mount,fstab}-by-{label,uuid,devname} add mount by devname from fstab add mount by devname test add mount by devname with label in fstab add mount by devname with uuid in fstab add mount by label from fstab test add mount by LABEL test add mount by label with devname in fstab add mount by label with uuid in fstab add mount by UUID from fstab test add mount by UUID test add mount by uuid with devname in fstab add mount by uuid with label in fstab add mount /dev/symlink test add mount --move test add mount -o remount test add return code add simple helper that returns info about system add support for fstab modification add support for suid programs add swapon by devname test add swapon by UUID test add test for /sbin/mount.type call add ts_log and --verbose support add ts_ok and ts_failed cleanup blkid cache after test device deinitialization code refactoring -- new ts_device_init function code refactoring -- new ts_skip_nonroot function code refactoring -- new ts_udev_loop_support function enable mtablock test when uid=0 only fix argv[] usage in mnt_test_sysinfo.c fix dependence on blkid fix Makefile.am (add missing tests) fix ts_fstab_add function if [...] clean up make clean need to remove diffs and outputs pass all arguments to ts_init, add ts_has_option function refresh mtablock output in expected/ directory simplify devices usage text-utils: fix the more command compilation against termcap tools: add codecheck-config that checks for {HAVE,ENABLE}_ orphans vipw: fix permissions (600-400) for edited /etc/[g]shodow files wall: fix O_NONBLOCK usage misc: Clean up pagesize/PAGE_SIZE usage. clean up realpath.[ch] includes and macros execl() should be use NULL not 0 -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RFC PATCH 1/1] VFS: Augment /proc/mount with subroot and shared-subtree
On Mon, Jun 25, 2007 at 03:00:15PM -0700, Ram Pai wrote: Please check if the following modified patch meets the requirements. It augments /proc/mount with additional information to (1) disambiguate bind mounts with subroot information. (2) display shared-subtree information using which one can determine the propagation trees. The following additional fields are appended to each record in /proc/mounts Can you append the new fields at real end of records? Now you have the new fields between options and freq, passno. (BTW, maybe we can completely remove freq, passno from /proc/mounts, especially if we don't have care about compatibility with /etc/{mtab,fstab} format. The freq and passno are always zero in /proc/mounts). mntid=id- The unique id associated with that mount. fsid=id:dir - The filesystem's id and directory in that filesystem that makes the root directory of this mount. parent=id - The id of the mount's parent; on which it is mounted. Do we really need a name= (mntid=, fsid=, parent=) prefixes? I think your new fields are always in the same column (on same position). also flags are augmented with new information to indicate the mount's propagation type. Here is a sample 'cat /proc/mounts' after executing the following commands: mount --bind /mnt /mnt mount --make-shared /mnt mount --bind /mnt/1 /var mount --make-slave /var mount --make-shared /mnt mount --make-unbindable /proc rootfs / rootfs rw PRIVATE mntid=c1708c30 fsid=1:/ parent=c1708c30 0 0 /dev/root / ext2 rw PRIVATE mntid=c1208c08 fsid=6200:/ parent=c1708c30 0 0 /proc /proc proc rw UNBINDABLE mntid=c1108c90 fsid=3:/ parent=c1208c08 0 0 devpts /dev/pts devpts rw PRIVATE mntid=c1108c18 fsid=a:/ parent=c1208c08 0 0 /dev/root /mnt ext2 rw SHARED:peer=c1e08cb0 mntid=c1e08cb0 fsid=6200:/mnt parent=c1208c08 0 0 /dev/root /var ext2 rw SHARED:peer=c1f08c28 SLAVE:master=c1e08cb0 mntid=c1f08c28 fsid=6200:/mnt/1 parent=c1208c08 0 0 You needn't peer or master keywords and it would be nice to use one column for all propagation flags (separated by comma). FLAG[:id][,...] for example: SHARED:c1f08c28,SLAVE:c1e08cb0 Full example: fsname dir type opts freq passno \ propflags mntid fsid parentid rootfs / rootfs rw 0 0 PRIVATE c1708c30 1:/ c1708c30 /dev/root / ext2 rw 0 0 PRIVATE 1208c08 6200:/ c1708c30 /proc /proc proc rw 0 0 UNBINDABLE c1108c90 3:/ c1208c08 devpts /dev/pts devpts rw 0 0 PRIVATE c1108c18 a:/ c1208c08 /dev/root /mnt ext2 rw 0 0 SHARED:c1e08cb0 c1e08cb0 6200:/mnt c1208c08 /dev/root /var ext2 rw 0 0 SHARED:c1f08c28,SLAVE:c1e08cb0 c1f08c28 6200:/mnt/1 c1208c08 Karel -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: Adding subroot information to /proc/mounts, or obtaining that through other means
On Wed, Jun 20, 2007 at 01:57:33PM -0700, H. Peter Anvin wrote: We could add a field to /proc/mounts to add this information: /dev/md6 /export ext3 rw,data=ordered 0 0 / /dev/md6 /home/foo ext3 rw,data=ordered 0 0 /users/foo /dev/md6 /home/bar ext3 rw,data=ordered 0 0 /users/bar I prefer this format. It's compatible with the mount(8) -- the mount ignores extra columns. ... or, alternatively, add a subfield to the first field (which would entail escaping whatever separator we choose): /dev/md6 /export ext3 rw,data=ordered 0 0 /dev/md6:/users/foo /home/foo ext3 rw,data=ordered 0 0 /dev/md6:/users/bar /home/bar ext3 rw,data=ordered 0 0 We needn't a new separator (':') there already is one (' '). I'm personally leaning toward the second option (/dev/md6:/users/foo). Although that might confuse current utilities, those utilities are *already* liable to get confused by the fact that the line doesn't mean what they think it means. Many people use ln -s /proc/mounts /etc/mtab. Karel -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RFC] obsoleting /etc/mtab
On Fri, Jun 01, 2007 at 09:49:05AM +0100, Christoph Hellwig wrote: On Fri, Jun 01, 2007 at 10:33:09AM +0200, Karel Zak wrote: The core of the problem is that HAL doesn't have entries in /etc/fstab, so you cannot check for user= and users= by umount(8). The HAL have enough information about user's privileges, but the umount(8) knows nothing. Please don't put this in. The last thing we need is more ugly hacks and suid mess in the mount code. Miklos is working towards proper suid mess? Fortunately, we use external umount programs for all network filesystems. non-privilegued mounts and you should better support him there. Yes, I look forward to his patches, but there is still a fstab check in umount. The current umount(8) code expects user or users option in /etc/mtab (or in Miklos's /proc/mounts) and *also* in /etc/fstab. Maybe the umount(8) code is too much paranoid and we needn't the fstab check, especially with non-suid umount(2). Miklos's patches also add support for a submount under the owned mount -- this is probably next situation when check against fstab is useless. Karel -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RFC] obsoleting /etc/mtab
On Fri, Jun 01, 2007 at 09:03:42AM +0200, Miklos Szeredi wrote: uhelper= ... this one is my baby :-( (Not released by upstream yet. ...according to Google this Fedora patch is already in Mandrake, PCLinuxOS, Pardus, and ??? ) From man page: The uhelper (unprivileged umount request helper) is possible used when non-root user wants to umount a mountpoint which is not defined in the /etc/fstab file (e.g devices mounted by HAL). So the helper gets to run _before_ the umount takes place? The helper runs instead the umount(8). That's almost same like /sbin/umount.nfs. For example if you have mtab: /dev/foo /media/hal_hell_mnt iso9990 uhelper=hal when you call as unprivileged user the /sbin/umount command: it detects that you have no permissions, but that there is /sbin/umount.hal and all is redirected (fork(), execv(), ...) to the umount.hal. The umount(8) doesn't do anything with the mointpoint in this case. The core of the problem is that HAL doesn't have entries in /etc/fstab, so you cannot check for user= and users= by umount(8). The HAL have enough information about user's privileges, but the umount(8) knows nothing. http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=commit;h=dd9f213ab6efd352f67bc18071c16239d1002b94 Sounds good, but there should be a way (an option) to disable this functionality (in case when mtab is required for an exotic reason). Sure, that's a good idea. How do we configure mount(8)? Maybe an option (--no-mtab-symlink), and leave the configuration to userspace. When mount is invoked first on boot (mount -a) this could tell us if the creation of the symlink is not desired. Yes. (The mount is invoked first with -n (= no mtab) in early boot time, because the root device is mounted read-only. Later the init scripts use mount -f which doesn't call mount(2), but adds things to mtab only. In this time we need to use --no-mtab-symlink). But that's detail...) Can someone think of any other problem with getting rid of /etc/mtab? Crazy idea: make kernel more promiscuous with mount options -- it means you can use an arbitrary foo= option for mount(2) when max length of all options is less than or equal to /proc/sys/fs/mntopt_max. (well... NACK :-) I agree that the /etc/mtab file is badly designed thing where we duplicate almost all from /proc/mounts, but loop= and uhelper= are nice examples that userspace utils are able to capitalize on this concept. Maybe we need something better than the mtab for userspace specific options. Somewhere at people.redhat.com/kzak/ I have a patch that add LUKS support to the mount(8) and this patch also add new options to the mtab file. I can imagine more scenarios when userspace specific options are good thing. So there's a need to attach some metadata to mounts. And preferably that should also be stored in the kernel, otherwise there will just be confusion, when the mount tree is manipulated without the metadata also being updated. And with unprivileged mounts this can only be guaranteed if the metadata is also in the kernel. There is more scenarios -- for example somewhere in RH bugzilla is waiting request for read-only root filesystem -- in particular case the writable /etc/mtab is problem. So, how about a special mount option: uopts=..., which would contain userspace options separated by ; or whatever. Then the kernel could be taught to store this option verbatim and show it in /proc/mounts along with the kernel options. Yes, something like uopts=... is my wish for long time. [1] http://lkml.org/lkml/2007/4/27/180 The patches have been postponed by Andrew, right? Or is it already in -mm? Yes, they have now survived for a month in -mm, which might be a good sign ;) Cool, good news. Karel -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RFC] obsoleting /etc/mtab
On Thu, May 31, 2007 at 05:11:40PM -0700, H. Peter Anvin wrote: Trond Myklebust wrote: A lot of these could be fixed all at once by letting the filesystem tell the VFS to retain the string passed to the original mount. That will Unfortunately, the original option string (from userspace) != real options (in kernel), see NFS. This bug should be fixed -- the kernel has to fully follow mount(2) or ends with EINVAL. Way ahead of you... See patches 6 and 7 on http://client.linux-nfs.org/Linux-2.6.x/2.6.22-rc3/ :-) NFS takes a binary option block anyway. However, that's the exception, not the rule. I'm not sure, but I think that cifs and ncpfs (NetWare) are exceptions too. Karel -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RFC] obsoleting /etc/mtab
Hi Miklos, On Thu, May 31, 2007 at 06:29:12PM +0200, Miklos Szeredi wrote: It's not just mount(8) that reads /etc/mtab, but various other utilities, for example df(1). So the best solution would be if mount.nfs, mount.cifs, mount.ocfs, HAL, am-utils (amd)... and these utils also write to mtab, although I think many of them already check for a symlink. /etc/mtab were a symlink to /proc/mounts, and the kernel would be the authoritative source of information regarding mounts. Yes. (1) user mounts (user or users option in /etc/fstab) currently need /etc/mtab to keep track of the owner There is more things: loop=/dev/loopN ... umount(8) uses this option for loop device deinitialization, when the device was initialized by mount(8), encryption=, offset=, speed= ... but nothing uses these options uhelper= ... this one is my baby :-( (Not released by upstream yet. ...according to Google this Fedora patch is already in Mandrake, PCLinuxOS, Pardus, and ??? ) From man page: The uhelper (unprivileged umount request helper) is possible used when non-root user wants to umount a mountpoint which is not defined in the /etc/fstab file (e.g devices mounted by HAL). GNOME people love it, because that's a way how use command line utils (umount(8)) for devices that was mounted by desktop daemons. The umount.nfs also reads many options from mtab, but it seems all these options are also in /proc/mounts. I know almost nothing about the others [u]mount dialects (cifs, ...). (2) lots of filesystems only present a few mount options (or none) in /proc/mounts (1) can be solved with the new mount owner support in the unprivileged mounts patchset. Mount(8) would still have to detect at boot time if this is available, and either create the symlink to /proc/mounts or if MS_SETOWNER is not available, fall back to using /etc/mtab. Sounds good, but there should be a way (an option) to disable this functionality (in case when mtab is required for an exotic reason). (2) needs work in the filesystems implicated. I already have patches for ext2, ext3, tmpfs, devpts and hostfs, and it would be nice if the maintainers for others could help out. It wouldn't even be fatal if some mount options were missing from /proc/mounts. Mount options in /etc/mtab have never been perfectly accurate, especially after a remount, when they could get totally out of sync with the options effective for the filesystem. The /etc/mtab is almost always useless with NFS (kernel is changing mount options according to NFS server settings, so there is possible that you have rw in mtab and ro in /proc/mounts :-) Can someone think of any other problem with getting rid of /etc/mtab? Crazy idea: make kernel more promiscuous with mount options -- it means you can use an arbitrary foo= option for mount(2) when max length of all options is less than or equal to /proc/sys/fs/mntopt_max. (well... NACK :-) I agree that the /etc/mtab file is badly designed thing where we duplicate almost all from /proc/mounts, but loop= and uhelper= are nice examples that userspace utils are able to capitalize on this concept. Maybe we need something better than the mtab for userspace specific options. Somewhere at people.redhat.com/kzak/ I have a patch that add LUKS support to the mount(8) and this patch also add new options to the mtab file. I can imagine more scenarios when userspace specific options are good thing. [1] http://lkml.org/lkml/2007/4/27/180 The patches have been postponed by Andrew, right? Or is it already in -mm? Karel -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RFC] obsoleting /etc/mtab
On Thu, May 31, 2007 at 09:40:49AM -0700, H. Peter Anvin wrote: Miklos Szeredi wrote: (2) needs work in the filesystems implicated. I already have patches for ext2, ext3, tmpfs, devpts and hostfs, and it would be nice if the maintainers for others could help out. A lot of these could be fixed all at once by letting the filesystem tell the VFS to retain the string passed to the original mount. That will Unfortunately, the original option string (from userspace) != real options (in kernel), see NFS. This bug should be fixed -- the kernel has to fully follow mount(2) or ends with EINVAL. Karel -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 08/13] NFS: Add functions to parse nfs mount options to fs/nfs/super.c
On Mon, May 21, 2007 at 12:09:54PM -0400, Chuck Lever wrote: For NFSv2 and NFSv3 mount options. Signed-off-by: Chuck Lever [EMAIL PROTECTED] +static int nfs_parse_options(char *raw, struct nfs_mount_args *mnt) +{ + char *p, *string; + + if (!raw) { + dprintk(NFS: mount options string was NULL.\n); + return 1; + } + + while ((p = strsep (raw, ,)) != NULL) { + substring_t args[MAX_OPT_ARGS]; + int option, token; + + if (!*p) + continue; + token = match_token(p, nfs_tokens, args); + + case Opt_context: + match_strcpy(mnt-nmd.context, args); + break; The userspace version (nfs-utils) of this code supports a quoted context strings. For example: context=aaa,bbb,ccc,hard It seems your code blindly parses a raw option string by ,. Karel -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 08/13] NFS: Add functions to parse nfs mount options to fs/nfs/super.c
On Tue, May 29, 2007 at 05:08:01PM -0400, Chuck Lever wrote: Karel Zak wrote: On Mon, May 21, 2007 at 12:09:54PM -0400, Chuck Lever wrote: For NFSv2 and NFSv3 mount options. Signed-off-by: Chuck Lever [EMAIL PROTECTED] +static int nfs_parse_options(char *raw, struct nfs_mount_args *mnt) +{ + char *p, *string; + + if (!raw) { + dprintk(NFS: mount options string was NULL.\n); + return 1; + } + + while ((p = strsep (raw, ,)) != NULL) { + substring_t args[MAX_OPT_ARGS]; + int option, token; + + if (!*p) + continue; + token = match_token(p, nfs_tokens, args); + + case Opt_context: + match_strcpy(mnt-nmd.context, args); + break; The userspace version (nfs-utils) of this code supports a quoted context strings. For example: context=aaa,bbb,ccc,hard It seems your code blindly parses a raw option string by ,. Karel- I've never used the context= option, and didn't find any documentation describing how it was used. That's SELinux stuff. See original discussion: http://thread.gmane.org/gmane.linux.redhat.security.lspp/1002/focus=1004 There are also fscontext, defcontext and context for normal (non-NFS) mounts. See the mount.8 patch (where is basic docs): http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=blobdiff;f=mount/mount.8;h=8ed5a11b77985c8da2dcac4602a67f8785a95070;hp=4692a42b3487b8e0db6dc0b7d17cfd214e8aefc8;hb=3a620ba4bffade41d81c429560c40bb65c9b81a7;hpb=6573c985a4077fa7d50ccb993bae177526fde8ec Is there a clean example of how to use the in-kernel parser to handle quoted strings containing commas? Not sure. It was introduced by [PATCH] SELinux: support mls categories for context mounts: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3528a95322b5c1ce882ab723f175a1845430cd89 The SELinux specific options are extracted from mount options by the sb_copy_data hook (fs/super.c, vfs_kern_mount()) -- that's probably transparent for all filesystems, maybe for your NFS options too. (I didn't study it in detail.) Karel -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [patch 0/8] mount ownership and unprivileged mount syscall (v4)
On Wed, Apr 25, 2007 at 09:18:28AM +0200, Miklos Szeredi wrote: The following extra security measures are taken for unprivileged mounts: - usermounts are limited by a sysctl tunable - force nosuid,nodev mount options on the created mount The original userspace user= solution also implies the noexec option by default (you can override the default by exec option). Unlike nosuid and nodev, I don't think noexec has real security benefits. Yes. I agree. It means the kernel based solution is not fully compatible ;-( Oh, I don't think that matters. For traditional /etc/fstab based user mounts, mount(8) will have to remain suid-root, the kernel can't replace the fstab check. Ok, it makes sense. You're right that for the mount(8) is more important the fstab check. Please, prepare a mount(8) patch -- with the patch it will be more clear. We could add a new nosubmount or similar flag, to prevent submounting, but that again would go against the simplicity of the current approach, so I'm not sure it's worth it. The nosubmount is probably good idea. The patches seem much better in v4. I'm fun for the feature in the kernel (and also for every change that makes mtab more and more obsolete :-). Karel Miklos - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html -- Karel Zak [EMAIL PROTECTED] Red Hat Czech s.r.o. Purkynova 99/71, 612 45 Brno, Czech Republic Reg.id: CZ27690016 - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [patch 0/8] mount ownership and unprivileged mount syscall (v4)
On Fri, Apr 20, 2007 at 12:25:32PM +0200, Miklos Szeredi wrote: The following extra security measures are taken for unprivileged mounts: - usermounts are limited by a sysctl tunable - force nosuid,nodev mount options on the created mount The original userspace user= solution also implies the noexec option by default (you can override the default by exec option). It means the kernel based solution is not fully compatible ;-( Karel -- Karel Zak [EMAIL PROTECTED] Red Hat Czech s.r.o. Purkynova 99/71, 612 45 Brno, Czech Republic Reg.id: CZ27690016 - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: How to query mount propagation state?
On Mon, Apr 16, 2007 at 10:39:46AM -0700, Ram Pai wrote: This patch disambiguates multiple mount-instances of the same filesystem (or part of the same filesystem), by introducing a new interface /proc/mounts_new. The interface has the following format. ^^ ... odd name. What will be the name for a next generation? /proc/mounts_new_new? :-) 'cat /proc/mounts' shows the following: /dev/root /mnt ext2 rw 0 0 /dev/root /tmp1 ext2 rw 0 0 NOTE: The above mount entries, do not indicate that /tmp1 contains the same directory tree as /var/tmp. But 'cat /proc/mounts_new' shows us the following: 0x6200 /mnt /var ext2 rw 0 0 0x6200 /tmp1 /var/tmp ext2 rw 0 0 Can't you purely and simply add the fsid= option to /proc/mounts? /dev/root /mnt ext2 rw,fsid=0x6200 0 0 /dev/root /mnt ext2 rw,fsid=0x6200 0 0 I think you can do it without a negative impact to userspace. This patch introduces a new proc interface that exposes all the propagation trees within the namespace. Good idea. It walks through each off the mounts in the namespace, and prints the following information. mount-id: a unique mount identifier dev-id : the unique device used to identify the device containing the filesystem Why not major:minor? path-from-root: mount point of the mount from / path-from-root-of-its-sb: path from its own root dentry. propagation-flag: SHARED, SLAVE, UNBINDABLE, PRIVATE peer-mount-id: the mount-id of its peer mount (if this mount is shared) master-mount-id: the mount-id of its master mount (if this mount is slave) Example: Here is a sample output of cat /proc/$$/mounts_propagation 0xa917800 0x1 / / PRIVATE 0xa917200 0x6200 / / PRIVATE 0xa917180 0x3 /proc / PRIVATE 0xa917f80 0xa /dev/pts / PRIVATE 0xa917100 0x6210 /mnt / SHARED peer:0xa917100 0xa917f00 0x6210 /tmp /1 SLAVE master:0xa917100 0xa917900 0x6220 /mnt/2 / SHARED peer:0xa917900 Same thing (although the mounts_propagation makes more sense than mount_new from my point of view). cat /proc/mounts (or /proc/$$/mounts) /dev/root /mnt ext2 rw,mid=0xa917100,did=0x6210,prop=SHARED,peer=0xa917100 my $0.02... Karel -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [patch 0/8] unprivileged mount syscall
On Fri, Apr 13, 2007 at 01:58:59PM +0200, Miklos Szeredi wrote: On Wed, 2007-04-11 at 12:44 +0200, Miklos Szeredi wrote: 1. clone the master namespace. 2. in the new namespace move the tree under /share/$me to / for each ($user, $what, $how) { move /share/$user/$what to /$what if ($how == slave) { make the mount tree under /$what as slave } } 3. in the new namespace make the tree under /share as private and unmount /share Thanks. I get the basic idea now: the namespace itself need not be shared between the sessions, it is enough if share propagation is set up between the different namespaces of a user. I don't yet see either in your or Viro's description how the trees under /share/$USER are initialized. I guess they are recursively bound from /, and are made slaves. yes. I suppose, when a userid is created one of the steps would be mount --rbind / /share/$USER mount --make-rslave /share/$USER mount --make-rshared /share/$USER Thinking a bit more about this, I'm quite sure most users wouldn't even want private namespaces. It would be enough to chroot /share/$USER and be done with it. I don't think so. How to you want to implement non-shared /tmp directories? The chroot is overkill in this case. See: http://www.coker.com.au/selinux/talks/sage-2006/PolyInstantiatedDirectories.html http://danwalsh.livejournal.com/ Private namespaces are only good for keeping a bunch of mounts referenced by a group of processes. But my guess is, that the natural behavior for users is to see a persistent set of mounts. If for example they mount something on a remote machine, then log out from the ssh session and later log back in, they would want to see their previous mount still there. They can mount to /mnt where the directory is shared (mount --make-shared /mnt) and visible and all namespaces. I think /share/$USER is an extreme example. You can found more situations when private namespaces are nice solution. Karel -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [patch 0/8] unprivileged mount syscall
On Mon, Apr 09, 2007 at 10:46:25AM -0700, Ram Pai wrote: On Mon, 2007-04-09 at 12:07 -0500, Serge E. Hallyn wrote: Quoting Miklos Szeredi ([EMAIL PROTECTED]): - need to set up mount propagation from global namespace to private ones, mount(8) does not yet have options to configure propagation Hmm, I guess I get lost using my own little systems, and just assumed that shared subtree functionality was making its way up into mount(8). Ram, have you been working on that? It is in FC6. I dont know the status off upstream util-linux. I did submit the patch many times to Adrian Bunk (the then util-linux maintainer) and got no response. I have not pushed the patches to the new maintainer(Karel Zak?) though. The shared-subtree patch has been applied: http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=commitdiff;h=389fbea536e4308d9475fa2a89e53e188ce8a0e3;hp=939a997de0c761d29fb7530976ca20da4898703a Karel -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[ANNOUNCE] util-linux-ng
I'm pleased to announce a new util-linux-ng project. This project is a fork of the original util-linux (2.13-pre7). The goal of the project is to move util-linux code back to useful state, sync with actual distributions and kernel and make development more transparent end open. The short term goals (for 2.13 release): - remove all NFS code from util-linux-ng (/sbin/mount.nfs from nfs-utils is replacement) - remove FS/device detection code (libblkid from e2fsprogs or libvolumeid is replacement) - move as much as possible patches from distributions to upstream Mailing list: http://vger.kernel.org/vger-lists.html#util-linux-ng FTP: ftp://ftp.kernel.org/pub/scm/utils/util-linux-ng/ GIT: git clone git://git.kernel.org/pub/scm/utils/util-linux-ng/util-linux-ng.git util-linux-ng [Note, GIT repo contains previous 47 versions of util-linux.] The mailing list or my private e-mail are open for your patches, ideas and suggestion. The mailing list is also place where you can help us review patches. Karel -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: Relative atime (was Re: What's in ocfs2.git)
On Fri, Dec 08, 2006 at 07:15:14PM -0800, Valerie Henson wrote: On Tue, Dec 05, 2006 at 08:58:02PM -0800, Andrew Morton wrote: That's the easy part. How are we going to get mount(8) patched? Karel, interested in taking a look at the following patch? The kernel bits are in -mm currently. The patch looks good. I'll add it to my development util-linux tree. Thanks. Karel Add the relatime (relative atime) option support to mount. Relative atime only updates the atime if the previous atime is older than the mtime or ctime. Like noatime, but useful for applications like mutt that need to know when a file has been read since it was last modified. Cc: Adrian Bunk [EMAIL PROTECTED] Cc: Al Viro [EMAIL PROTECTED] Cc: Karel Zak [EMAIL PROTECTED] Signed-off-by: Valerie Henson [EMAIL PROTECTED] --- mount/mount.8 |7 +++ mount/mount.c |6 ++ mount/mount_constants.h |4 3 files changed, 17 insertions(+) --- util-linux-2.13-pre7.orig/mount/mount.8 +++ util-linux-2.13-pre7/mount/mount.8 @@ -586,6 +586,13 @@ access on the news spool to speed up new .B nodiratime Do not update directory inode access times on this filesystem. .TP +.B relatime +Update inode access times relative to modify or change time. Access +time is only updated if the previous access time was earlier than the +current modify or change time. (Similar to noatime, but doesn't break +mutt or other applications that need to know if a file has been read +since the last time it was modified.) +.TP .B noauto Can only be mounted explicitly (i.e., the .B \-a --- util-linux-2.13-pre7.orig/mount/mount.c +++ util-linux-2.13-pre7/mount/mount.c @@ -164,6 +164,12 @@ static const struct opt_map opt_map[] = { diratime, 0, 1, MS_NODIRATIME }, /* Update dir access times */ { nodiratime, 0, 0, MS_NODIRATIME },/* Do not update dir access times */ #endif +#ifdef MS_RELATIME + { relatime, 0, 0, MS_RELATIME }, /* Update access times relative to +mtime/ctime */ + { norelatime, 0, 1, MS_RELATIME }, /* Update access time without regard +to mtime/ctime */ +#endif { NULL,0, 0, 0 } }; --- util-linux-2.13-pre7.orig/mount/mount_constants.h +++ util-linux-2.13-pre7/mount/mount_constants.h @@ -57,6 +57,10 @@ if we have a stack or plain mount - moun #ifndef MS_VERBOSE #define MS_VERBOSE 0x8000 /* 32768 */ #endif +#ifndef MS_RELATIME +#define MS_RELATIME 0x20 /* 20: Update access times relative +to mtime/ctime */ +#endif /* * Magic mount flag number. Had to be or-ed to the flag values. */ - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html -- Karel Zak [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-fsdevel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html