From: Dave Hansen <>
Subject: [PATCH 00/30] Read-only bind mounts (-mm resend)
Date: Fri, 15 Feb 2008 14:37:21 -0800
Message-ID: <20080215223721.9E0A088A@kernel>

This is against current Linus git.

Miklos, if you send me a copy of your current unprivileged mount
code merged against mainline, I'll merge with this.


This rolls up all the -mm bugfixes that were accumulated, and
addresses some new review comments from Al.  Also contains some
reworking from hch and a patch from Jeff Dike.

Just posting here to let everyone have a sniff before we resend
it back to -mm.


Why do we need r/o bind mounts?

This feature allows a read-only view into a read-write filesystem.
In the process of doing that, it also provides infrastructure for
keeping track of the number of writers to any given mount.

This has a number of uses.  It allows chroots to have parts of
filesystems writable.  It will be useful for containers in the future
because users may have root inside a container, but should not
be allowed to write to some filesystems.  This also replaces
patches that vserver has had out of the tree for several years.

It allows security enhancement by making sure that parts of
your filesystem are read-only (such as when you don't trust your
FTP server), when you don't want to have entire new filesystems
mounted, or when you want atime selectively updated.

I've been using this script:

to test that the feature is working as desired.  It takes a
directory and makes a regular bind and a r/o bind mount of it.
It then performs some normal filesystem operations on the
three directories, including ones that are expected to fail,
like creating a file on the r/o mount.

Acked-by: Al Viro <>
Signed-off-by: Christoph Hellwig <>
Signed-off-by: Dave Hansen <>
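
Added example, not part of the original message and not the test script it mentions (the archived page does not include that script): a shell check of the behaviour described above, using a source directory, a regular bind mount and a read-only bind mount of it. The function name `ro_bind_check` and the file names are hypothetical; it assumes the two-step `mount --bind` followed by `mount -o remount,bind,ro` and needs root (CAP_SYS_ADMIN) to mount.

```shell
#!/bin/sh
# Added example: verify that a read-only bind mount denies writes while the
# source directory and a regular bind mount of it stay writable.
# Returns 0 = behaves as expected, 1 = a check failed,
# 77 = could not mount (no CAP_SYS_ADMIN), so nothing was tested.
ro_bind_check() {
    src=$1
    work=$(mktemp -d) || return 1
    rw="$work/rw"; ro="$work/ro"; rc=0
    mkdir "$rw" "$ro"

    # Regular bind, then a second bind that is flipped to read-only.
    # The ro flag is per-mount: it must not affect $src or $rw.
    if ! mount --bind "$src" "$rw" 2>/dev/null; then
        rmdir "$rw" "$ro" "$work"; return 77
    fi
    if ! { mount --bind "$src" "$ro" &&
           mount -o remount,bind,ro "$ro"; } 2>/dev/null; then
        umount "$ro" 2>/dev/null; umount "$rw"
        rmdir "$rw" "$ro" "$work"; return 77
    fi

    # Operations expected to succeed on the two writable views.
    touch "$src/via-src" || rc=1
    touch "$rw/via-rw" || rc=1
    # Both files must be visible through the read-only view.
    [ -e "$ro/via-src" ] && [ -e "$ro/via-rw" ] || rc=1

    # Operations expected to fail on the read-only view.
    touch "$ro/new-file" 2>/dev/null && rc=1
    mkdir "$ro/new-dir" 2>/dev/null && rc=1
    rm "$ro/via-src" 2>/dev/null && rc=1
    mv "$ro/via-rw" "$ro/renamed" 2>/dev/null && rc=1
    chmod 600 "$ro/via-src" 2>/dev/null && rc=1
    # None of the denied operations may have reached the source.
    [ ! -e "$src/new-file" ] && [ -e "$src/via-src" ] || rc=1

    # Tear down: unmount both views and remove the probe files.
    umount "$ro"; umount "$rw"
    rm -f "$src/via-src" "$src/via-rw"
    rmdir "$rw" "$ro" "$work"
    return $rc
}
```

Run it as `ro_bind_check /path/to/dir` on a scratch directory; a return of 77 means the mounts were refused and no conclusion can be drawn.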


Thread overview: 45+ messages
2008-02-15 22:37 Dave Hansen [this message]
2008-02-15 22:37 ` [PATCH 01/30] reiserfs: eliminate private use of struct file in xattr Dave Hansen
2008-02-15 22:37 ` [PATCH 02/30] hppfs pass vfsmount to dentry_open() Dave Hansen
2008-02-15 22:37 ` [PATCH 03/30] check for null vfsmount in dentry_open() Dave Hansen
2008-02-15 22:37 ` [PATCH 04/30] fix up new filp allocators Dave Hansen
2008-02-15 22:37 ` [PATCH 05/30] do namei_flags calculation inside open_namei() Dave Hansen
2008-02-15 22:37 ` [PATCH 06/30] merge open_namei() and do_filp_open() Dave Hansen
2008-02-15 22:37 ` [PATCH 07/30] r/o bind mounts: stub functions Dave Hansen
2008-02-16  0:32   ` Theodore Tso
2008-02-16  0:49     ` Dave Hansen
2008-02-16  1:00       ` Theodore Tso
2008-02-16  1:11         ` Andrew Morton
2008-02-16  6:31           ` Christoph Hellwig
2008-02-16  6:46             ` Andrew Morton
2008-02-18  7:06               ` Dave Hansen
2008-02-20 22:25             ` Dave Hansen
2008-02-20 22:58               ` Christoph Hellwig
2008-02-15 22:37 ` [PATCH 08/30] r/o bind mounts: create helper to drop file write access Dave Hansen
2008-02-15 22:37 ` [PATCH 09/30] r/o bind mounts: drop write during emergency remount Dave Hansen
2008-02-18 16:29   ` Miklos Szeredi
2008-02-23 13:38     ` Al Viro
2008-02-15 22:37 ` [PATCH 10/30] r/o bind mounts: elevate write count for vfs_rmdir() Dave Hansen
2008-02-15 22:37 ` [PATCH 11/30] r/o bind mounts: elevate write count for callers of vfs_mkdir() Dave Hansen
2008-02-15 22:37 ` [PATCH 12/30] r/o bind mounts: elevate mnt_writers for unlink callers Dave Hansen
2008-02-15 22:37 ` [PATCH 13/30] r/o bind mounts: elevate write count for xattr_permission() callers Dave Hansen
2008-02-15 22:37 ` [PATCH 14/30] r/o bind mounts: elevate write count for ncp_ioctl() Dave Hansen
2008-02-15 22:37 ` [PATCH 15/30] r/o bind mounts: write counts for time functions Dave Hansen
2008-02-15 22:37 ` [PATCH 16/30] r/o bind mounts: elevate write count for do_utimes() Dave Hansen
2008-02-15 22:37 ` [PATCH 17/30] r/o bind mounts: write count for file_update_time() Dave Hansen
2008-02-15 22:37 ` [PATCH 18/30] r/o bind mounts: write counts for link/symlink Dave Hansen
2008-02-15 22:37 ` [PATCH 19/30] r/o bind mounts: elevate write count for ioctls() Dave Hansen
2008-02-15 22:37 ` [PATCH 20/30] r/o bind mounts: elevate write count for open()s Dave Hansen
2008-02-15 22:37 ` [PATCH 21/30] r/o bind mounts: get write access for vfs_rename() callers Dave Hansen
2008-02-15 22:37 ` [PATCH 22/30] r/o bind mounts: elevate write count for chmod/chown callers Dave Hansen
2008-02-15 22:37 ` [PATCH 23/30] r/o bind mounts: write counts for truncate() Dave Hansen
2008-02-15 22:37 ` [PATCH 24/30] r/o bind mounts: elevate count for xfs timestamp updates Dave Hansen
2008-02-15 22:37 ` [PATCH 25/30] r/o bind mounts: make access() use new r/o helper Dave Hansen
2008-02-15 22:37 ` [PATCH 26/30] r/o bind mounts: check mnt instead of superblock directly Dave Hansen
2008-02-15 22:37 ` [PATCH 27/30] r/o bind mounts: get callers of vfs_mknod/create() Dave Hansen
2008-02-15 22:37 ` [PATCH 28/30] r/o bind mounts: track numbers of writers to mounts Dave Hansen
2008-02-18 16:10   ` Miklos Szeredi
2008-02-20 21:12     ` Dave Hansen
2008-02-15 22:38 ` [PATCH 29/30] r/o bind mounts: honor mount writer counts at remount Dave Hansen
2008-02-15 22:38 ` [PATCH 30/30] r/o bind mounts: debugging for missed calls Dave Hansen
2008-02-16  1:32 ` [PATCH] r/o bind mounts: stub functions Dave Hansen
