For review: user_namespace(7) man page

Eric W. Biederman ebiederm at xmission.com
Tue Sep 9 16:16:08 UTC 2014


"Michael Kerrisk (man-pages)" <mtk.manpages at gmail.com> writes:

> Hi Eric,
>
>> On a related note.  One thing that has come up recently (in 3 separate
>> implementations is that mount(MS_REMOUNT|...,...) must include all of
>> the mount flags that need to be preserved.   People creating read-only
>> bind mounts tend to miss that and the locked flags in mount namespaces.
>> That issue was flushed out now that the kernel is now not allowing most
>> mount flags to be cleared in mount namespaces.
>
> So, are you meaning that something needs to be added to the page
> regarding this point?

Yes.  The interface is non-intuitive and we should at least document
the weirdness.

I recommend updating the mount(2) man page to say something like:

      MS_REMOUNT

              Remount an existing mount.  This allows you to change the
              mountflags and data of an existing mount without having
              to unmount and remount the file system.  target should be
              the same value specified in the initial mount() call;
              source and filesystemtype are ignored.

^^^^^^^^^^^^^
              Mountflags and data should match the original mount system
              call except those parameters that are being deliberately
              changed.

              The following mountflags can be changed: MS_RDONLY,
              MS_SYNCHRONOUS, MS_MANDLOCK; before kernel 2.6.16, the
              following could also be changed: MS_NOATIME and
              MS_NODIRATIME; and, additionally, before kernel 2.4.10,
              the following could also be changed: MS_NOSUID, MS_NODEV,
              MS_NOEXEC.


Eric


More information about the Containers mailing list