http://lwn.net/Articles/159077/ This is a special feed containing comments posted to the individual LWN article titled "Shared subtrees". hourly 2 http://lwn.net/Articles/166242/rss 2006-01-04T04:23:41+00:00 abartlet Closer to home, this is also the behaviour of smbmount, when the helper binary (smbmnt) is setuid.<br> http://lwn.net/Articles/162313/rss 2005-12-01T11:34:41+00:00 linuxram shared subtrees allows you to create identical mount trees at different locations. It does more than that, but in general it makes sure that the<br> subtrees remain identical even after a series of mount and unmounts, in any of the subtrees.<br> <p> Chroot is a entirely different thing. It helps set a process up in a jail<br> Once in a jail the process wont be able to access anything outside the directory tree. Neither do any of its children.<br> <p> But the combination of shared subtree and chroot togather have lot of applications. One example is mentioned in the article, where we can have a identical subtree for each user(thanks to shared subtree semantics). And each user can get jailed in its corresponding subtree (thanks to chroot).<br> http://lwn.net/Articles/162310/rss 2005-12-01T11:21:26+00:00 linuxram the namespace terminology used here is bit off. <br> In Linux a namespace is the entire mount-tree. A namespace can be accessed only by the processes that created that namespace and all its children provided the child has not forked off its own namespace.<br> <p> The namespace terminology is used in this article to mean identical subtrees within a given namespace. <br> <p> Otherwise I feel the article has clearly and concisely touched upon this rather complicated idea.<br> <p> RP<br> http://lwn.net/Articles/161662/rss 2005-11-26T06:14:47+00:00 csamuel DEC Ultrix did allow users to do NFS mounts onto directories that they <br> owned. Whether this is a bug or a feature is left as an exercise for the <br> reader. <br> http://lwn.net/Articles/160039/rss 2005-11-15T02:06:22+00:00 proski My understanding is that chroot creates a new namespace whereas the shared subtrees patch configures relationships between the namespaces. The answer to your second question is probably negative. It would be like implementing mkdir using chmod. http://lwn.net/Articles/159778/rss 2005-11-12T09:59:47+00:00 lacostej How do shared trees and chroot relate?<br> Is it possible to implement some kind of chroot using this?<br> <p> http://lwn.net/Articles/159752/rss 2005-11-12T00:06:43+00:00 elanthis If the rule is "any directory the user *owns*" then world-writable directories wouldn't be a big problem.<br> http://lwn.net/Articles/159668/rss 2005-11-11T11:05:24+00:00 nix Yes; that would mean that only world-writable directories (which strike me as a really bad idea) would be `problematic'.<br> <p> (And for those of us giving each user their own /tmp, well, we can turn the sticky bit off and fix up the permissions so that only that user can write to it :) )<br> http://lwn.net/Articles/159611/rss 2005-11-10T23:12:32+00:00 hazelsct Well, yes and no. You still need some extra hacks to make package post-install scripts get everything right in all of the /etc sub-directories for example. But you're right, this could make the process somewhat easier.<br> http://lwn.net/Articles/159552/rss 2005-11-10T19:22:56+00:00 iabervon Well, that case should be safe, since it happens before any users could be on the system (since the root directory of their namespaces hasn't been mounted yet, aside from anything else). Other uses might not be so safe, though.<br> http://lwn.net/Articles/159551/rss 2005-11-10T19:13:11+00:00 pointwood Yeah, I love the laughs I usually get while reading LWN :)<br> http://lwn.net/Articles/159523/rss 2005-11-10T17:37:19+00:00 smoogen I think this will help make diskless workstations also more maintainable. In this case you can have a master tree that you keep patched and then have your subtrees which are then exported to each workstation. You can patch the master and see the patches show up cleanly in the multiple workstations without having to patch each workstation. (Except for files in the workstation that are not shared :)).<br> http://lwn.net/Articles/159521/rss 2005-11-10T17:25:18+00:00 rfunk mount --bind /subtree /subtree <br> mount --make-unbindable /subtree <br> <br> Looks like a race-condition vulnerability to me. <br> http://lwn.net/Articles/159488/rss 2005-11-10T14:58:50+00:00 jzbiciak How about "any directory the user owns, or has write access to but does not have the sticky bit set"? Quick refresher on the sticky bit from the chmod(1) manpage: <PRE>STICKY DIRECTORIES When the sticky bit is set on a directory, files in that directory may be unlinked or renamed only by root or their owner. Without the sticky bit, anyone able to write to the directory can delete or rename files. The sticky bit is commonly found on directories, such as /tmp, that are world-writable.</PRE> http://lwn.net/Articles/159462/rss 2005-11-10T12:17:50+00:00 petebull I like the filename on the mounted cdrom :) <br> <br> Good pun. <br> http://lwn.net/Articles/159444/rss 2005-11-10T11:34:14+00:00 nix One thing that might be useful here is a modification to mount(1) that allows the mounting of filesystems of specific types (listed in /etc/user-mountable-filesystems?) by any user *on top of any directory that user has write access to*. (I'm slightly concerned about /tmp, but not very. /tmp should probably be remounted separately in each user's subtree in any case in a system making use of this patch.)<br> http://lwn.net/Articles/159376/rss 2005-11-10T03:56:11+00:00 corbet Yes, it should. Fixed now. http://lwn.net/Articles/159373/rss 2005-11-10T03:52:37+00:00 npj Should this command example about 60% of the way through the article:<br> mount --bind /mnt /mnt<br> mount --make-shared /subtree<br> <p> Read like this instead:<br> mount --bind /mnt /mnt<br> mount --make-shared /mnt<br> <p> ?<br>