[CFT][PATCH] mnt: Implicitly add MNT_NODEV on remount when it was implicitly added by mount

Eric W. Biederman ebiederm at xmission.com
Sun Nov 30 18:46:48 UTC 2014


Andy Lutomirski <luto at amacapital.net> writes:

> On Nov 29, 2014 4:06 PM, "Eric W. Biederman" <ebiederm at xmission.com> wrote:
>>
>>
>> Now that remount is properly enforcing the rule that you can't remove
>> nodev at least sandstorm.io is breaking when performing a remount.
>>
>> It turns out that there is an easy intuitive solution implicitly
>> add nodev on remount when nodev was implicitly added on mount.
>
> Is this intended to be a permanent fix or are you planning on
> replacing it with something closer to my version for 3.19?
>
> http://git.kernel.org/cgit/linux/kernel/git/luto/linux.git/commit/?h=userns/fix_magic_nodev&id=bf8b198add82a249d6da4ecf280c30a0865637f6
>
> I still think that the implicit nodev behavior is a bad idea in
> general.

I want to consider your change as part of the larger discussion about
how we take the final step towards allowing fuse and other filesystems
with backing store to be merged in the kernel.

There are actually some other possibilities with s_user_ns in the mix.

The cleanest solution is probably to declare dev_t as well as security
labels values that are interpreted with respect to user namespaces.
Then setting s_user_ns != &init_user_ns will yield device nodes that
simply don't have a meaning in the kernel.  Which winds up being
effectively the same as an implicit nodev, but without the compatibility
hassle.

But all of that is or should be development.  And what my patch is, is
about getting a simple bug fix that works.

Eric

