|| ||Dave Hansen <email@example.com>|
|| ||[PATCH 00/25] Read-only bind mounts|
|| ||Thu, 20 Sep 2007 12:52:49 -0700|
|| ||firstname.lastname@example.org, email@example.com,
Dave Hansen <firstname.lastname@example.org>|
This is against 2.6.23-rc6. Compared to 2.6.23-rc6-mm1, there
are a few (trivial) merge conflicts with the audit git tree,
and one slightly more complicated one with ext2-reservations.patch.
Changes from last post:
- added several kerneldoc comments for exported functions
- broke out the 'mnt' variable patch
- removed WARN_ON() in ioctl patch
The first four patches here are very simple cleanups, and can go
in ahead of the rest of the patches.
If you are reviewing this, the things that need the most review
are the last two patches that actually add the logic for
tracking mount write counts.
Why do we need r/o bind mounts?
This feature allows a read-only view into a read-write filesystem.
In the process of doing that, it also provides infrastructure for
keeping track of the number of writers to any given mount.
This has a number of uses. It allows chroots to have parts of
filesystems writable. It will be useful for containers in the future
because users may have root inside a container, but should not
be allowed to write to somefilesystems. This also replaces
patches that vserver has had out of the tree for several years.
It allows security enhancement by making sure that parts of
your filesystem read-only (such as when you don't trust your
FTP server), when you don't want to have entire new filesystems
mounted, or when you want atime selectively updated.
I've been using the following script to test that the feature is
working as desired. It takes a directory and makes a regular
bind and a r/o bind mount of it. It then performs some normal
filesystem operations on the three directories, including ones
that are expected to fail, like creating a file on the r/o
Signed-off-by: Dave Hansen <email@example.com>