Date: Fri, 10 Aug 2018 16:24:08 +0100
From: Al Viro <viro@...IV.linux.org.uk>
To: Andy Lutomirski <luto@...capital.net>
Cc: "Eric W. Biederman" <ebiederm@...ssion.com>,
	David Howells <dhowells@...hat.com>,
	John Johansen <john.johansen@...onical.com>,
	Tejun Heo <tj@...nel.org>, selinux@...ho.nsa.gov,
	Paul Moore <paul@...l-moore.com>, Li Zefan <lizefan@...wei.com>,
	linux-api@...r.kernel.org, apparmor@...ts.ubuntu.com,
	Casey Schaufler <casey@...aufler-ca.com>, fenghua.yu@...el.com,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Eric Biggers <ebiggers@...gle.com>,
	linux-security-module@...r.kernel.org,
	Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>,
	Johannes Weiner <hannes@...xchg.org>,
	Stephen Smalley <sds@...ho.nsa.gov>,
	tomoyo-dev-en@...ts.sourceforge.jp, cgroups@...r.kernel.org,
	torvalds@...ux-foundation.org, linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org, "Theodore Y. Ts'o" <tytso@....edu>,
	Miklos Szeredi <miklos@...redi.hu>
Subject: Re: BUG: Mount ignores mount options

On Fri, Aug 10, 2018 at 07:36:17AM -0700, Andy Lutomirski wrote:
>
>
> > On Aug 10, 2018, at 7:05 AM, Eric W. Biederman <ebiederm@...ssion.com> wrote:
> >
> >
> > There is a serious problem with mount options today that fsopen does not
> > address. The problem is that mount options are ignored for block based
> > filesystems, and any other type of filesystem that follows the same
> > pattern.
> >
>
> > /dev/loop0 /root/loop0-noacl-noquota-nouser_xattr ext4 rw,relatime,nouser_xattr,noacl 0 0
> > /dev/loop0 /root/loop0-acl-quota-user_xattr ext4 rw,relatime,nouser_xattr,noacl 0 0
>
> To make sure I understand correctly: the problem is that the second mount ignored the options because the device was already mounted, right?
>
> For the new API, I think the only remotely sane approach is to refuse to mount or init or whatever you call it an already mounted bdev. If user code genuinely needs to bind-mount an existing mount that is known only by its bdev, we can add a specific API just for that.

First of all, that does NOT belong anywhere other than fs itself.
Example: NFS. Not every attempt to mount something leads to
creation of new fs instance; moreover, whether it will or not
can't be predicted in general.

PS: for pity sake, fix your MUA; 270-character lines are way over
the top.
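An added example, not part of the original message or of any kernel code: a userspace audit that compares the options requested for each mount with the options actually in effect, for block devices that appear at more than one mountpoint. The two effective lines are the ones quoted in the thread; the requested options are constructed here from the mountpoint names, and the function names are hypothetical.

```python
from collections import defaultdict

# Effective state: the two /proc/mounts lines quoted in the thread.
EFFECTIVE = """\
/dev/loop0 /root/loop0-noacl-noquota-nouser_xattr ext4 rw,relatime,nouser_xattr,noacl 0 0
/dev/loop0 /root/loop0-acl-quota-user_xattr ext4 rw,relatime,nouser_xattr,noacl 0 0
"""
# Requested state: constructed sample (fstab format), inferred from the mountpoint names.
REQUESTED = """\
/dev/loop0 /root/loop0-noacl-noquota-nouser_xattr ext4 noacl,noquota,nouser_xattr 0 0
/dev/loop0 /root/loop0-acl-quota-user_xattr ext4 acl,quota,user_xattr 0 0
"""

def parse_mounts(text):
    """Parse fstab or /proc/mounts lines into (device, mountpoint, fstype, option set)."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        entries.append((fields[0], fields[1], fields[2], set(fields[3].split(","))))
    return entries

def negate(opt):
    """Opposite spelling of a boolean option: 'acl' <-> 'noacl'."""
    return opt[2:] if opt.startswith("no") else "no" + opt

def ignored_options(requested_text, effective_text):
    """Map mountpoint -> requested options whose negation is in effect.

    Only boolean X/noX pairs are compared, and only for devices mounted at
    two or more mountpoints, where a later mount can reuse the existing
    filesystem instance together with the options it was created with.
    """
    effective = parse_mounts(effective_text)
    mounts_per_dev = defaultdict(int)
    for dev, _, _, _ in effective:
        mounts_per_dev[dev] += 1
    in_effect = {(dev, mnt): opts for dev, mnt, _, opts in effective}
    findings = {}
    for dev, mnt, _, wanted in parse_mounts(requested_text):
        if mounts_per_dev[dev] < 2 or (dev, mnt) not in in_effect:
            continue
        clash = sorted(o for o in wanted if negate(o) in in_effect[(dev, mnt)])
        if clash:
            findings[mnt] = clash
    return findings

if __name__ == "__main__":
    for mountpoint, opts in ignored_options(REQUESTED, EFFECTIVE).items():
        print(f"{mountpoint}: requested {opts} but the opposite is in effect")
```

An option that the filesystem omits from /proc/mounts when it is at its default value cannot be confirmed this way, so the check reports only direct contradictions.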