On Tue, Jan 30, 2024 at 09:32:13AM +0100, Christoph Hellwig wrote:
> On Mon, Jan 29, 2024 at 06:09:37PM +0100, Christian Brauner wrote:
> > I don't think it's that bad and is temporary until we can
> > unconditionally disable writing to mounted block devices. Until then we
> > can place all of this under #if IS_ENABLED(CONFIG_BLK_DEV_WRITE_MOUNTED)
> > in a single location in block/fops.c so it's nicely encapsulated and
> > confined.
>
> Oh well. If Jens is fine with this I can live with it even if I don't
> like it too much. I'll probably just clean it up as a follow up.
>
> OTOH I fear we won't be able to unconditionally disable writing to
> mounted block devices anytime soon if ever.

One may dream. Put another way, if we don't even allow us to think that
we can remove insecure functionality in the future then we have to
accept that we'll be piling on #ifdefine's and mostly unused code
forever which is just sad. :/

I'm hopeful that writing to mounted block devices is something that we
can make all major distros move away from. We should start just because
we need to figure out what tools do actually try to do stuff like that.