[PATCH 03/10] teach move_mount(2) to work with OPEN_TREE_CLONE
Alan Jenkins
alan.christopher.jenkins at gmail.com
Tue Feb 26 17:45:59 UTC 2019
On 19/02/2019 17:08, David Howells wrote:
> Allow a detached tree created by open_tree(..., OPEN_TREE_CLONE) to be
> attached by move_mount(2).
>
> If by the time of final fput() of OPEN_TREE_CLONE-opened file its tree is
> not detached anymore, it won't be dissolved. move_mount(2) is adjusted
> to handle detached source.
>
> That gives us equivalents of mount --bind and mount --rbind.
This is a bit ambiguous. The two cases can be understood by analogy to
bind / rbind. But it is also seems natural, to think it could be used
to implement the exact same thing as current `mount --bind` /
`--rbind`. I think it *does* now provide a full equivalence, right?
I was thinking about the case where mount propagation is enabled on the
source tree, i.e. it is not a private mount. Suppose a new mount is
added inside the source tree, between open_tree() and move_mount().
In the previous version of the patch series, Eric suggested there was a
NULL dereference in this scenario.[1] This version should be safe. I
think the new mount will be propagated to the cloned tree. Furthermore -
due to the way this version uses a temporary mount namespace - the
propagated version of the mount will not be locked by
attach_recursive_mnt().
[1] https://lore.kernel.org/lkml/87bm7n5k1r.fsf@xmission.com/
It looks very neat now, with the use of the temporary namespaces.
Congratulations :-). I have finished looking through these patches 1-3 now.
> Thanks also to Alan Jenkins<alan.christopher.jenkins at gmail.com> for
> providing a whole bunch of ways to break things using this interface.
>
> Signed-off-by: Al Viro<viro at zeniv.linux.org.uk>
> Signed-off-by: David Howells<dhowells at redhat.com>
> Signed-off-by: Al Viro<viro at zeniv.linux.org.uk>
>
P.S. I guess Al does not need two Signed-off-by lines here.
Thanks
Alan
More information about the Linux-security-module-archive
mailing list