[PATCH v4 0/6] querying mount attributes
Ian Kent
raven at themaw.net
Mon Nov 6 23:54:19 UTC 2023
On 6/11/23 20:10, Karel Zak wrote:
> On Wed, Nov 01, 2023 at 07:52:45PM +0800, Ian Kent wrote:
>> On 25/10/23 22:01, Miklos Szeredi wrote:
>> Looks ok to me,covers the primary cases I needed when I worked
>> on using fsinfo() in systemd.
> Our work on systemd was about two areas: get mount info (stat/listmount()
> now) from the kernel, and get the mount ID from notification.
>
> There was watch_queue.h with WATCH_TYPE_MOUNT_NOTIFY and struct
> mount_notification->auxiliary_mount (aka mount ID) and event subtype
> to get the change status (new mount, umount, etc.)
>
> For example David's:
> https://patchwork.kernel.org/project/linux-security-module/patch/155991711016.15579.4449417925184028666.stgit@warthog.procyon.org.uk/
>
> Do we have any replacement for this?
Not yet.
I tried to mention it early on but I don't think my description
conveyed what's actually needed.
>
>> Karel, is there anything missing you would need for adding
>> libmount support?
> Miklos's statmount() and listmount() API is excellent from my point of
> view. It looks pretty straightforward to use, and with the unique
> mount ID, it's safe too. It will be ideal for things like umount(8)
> (and recursive umount, etc.).
Thanks Karel, that's what I was hoping.
>
> For complex scenarios (systemd), we need to get from the kernel the
> unique ID's after any change in the mount table to save resources and
> call statmount() only for the affected mount node. Parse mountinfo
> sucks, call for(listmount(-1)) { statmount() } sucks too :-)
I have been looking at the notifications side of things.
I too need that functionality for the systemd work I was doing on
this. There was a need for event rate management too to get the
most out of the mount query improvements which I really only
realized about the time the work stopped. So for me there's
some new work needed as well.
I'm not sure yet which way to go as the watch queue implementation
that was merged is just the framework and is a bit different from
what we were using so I'm not sure if I can port specific extensions
of David's notifications work to it. I'm only just now getting to a
point where I can spend enough time on it to work this out.
Ian
More information about the Linux-security-module-archive
mailing list