Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx):
>
> Since March 2009 the kernel has treated the state that if no
> MS_..ATIME flags are passed then the kernel defaults to relatime.
>
> Defaulting to relatime instead of the existing atime state during a
> remount is silly, and causes problems in practice for people who don't
> specify any MS_...ATIME flags and to get the default filesystem atime
> setting. Those users may encounter a permission error because the
> default atime setting does not work.
>
> A default that does not work and causes permission problems is
> ridiculous, so preserve the existing value to have a default
> atime setting that is always guaranteed to work.
>
> Using the default atime setting in this way is particularly
> interesting for applications built to run in restricted userspace
> environments without /proc mounted, as the existing atime mount
> options of a filesystem can not be read from /proc/mounts.
>
> In practice this fixes user space that uses the default atime
> setting on remount that are broken by the permission checks
> keeping less privileged users from changing more privileged users
> atime settings.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>

Acked-by: Serge E. Hallyn <serge.hallyn@xxxxxxxxxx>

> --- > fs/namespace.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/fs/namespace.c b/fs/namespace.c > index dd9c93b5a9d5..7886176232c1 100644 > --- a/fs/namespace.c > +++ b/fs/namespace.c
> @@ -2473,6 +2473,14 @@ long do_mount(const char *dev_name, const char *dir_name, > if (flags & MS_RDONLY) > mnt_flags |= MNT_READONLY; > > + /* The default atime for remount is preservation */ > + if ((flags & MS_REMOUNT) && > + ((flags & (MS_NOATIME | MS_NODIRATIME | MS_RELATIME | > + MS_STRICTATIME)) == 0)) { > + mnt_flags &= ~MNT_ATIME_MASK; > + mnt_flags |= path.mnt->mnt_flags & MNT_ATIME_MASK; > + } > + > flags &= ~(MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_ACTIVE | MS_BORN | > MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | > MS_STRICTATIME); > -- > 1.9.1 >
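
Review bot: In the added `if` in do_mount(), MS_NODIRATIME is part of the mask that must be zero, so a remount that passes only MS_NODIRATIME skips the preservation branch and the rest of the atime setting falls back to the relatime default that the commit message identifies as the source of the permission errors. If that is intended, the comment should say so; otherwise consider carrying over the existing noatime/relatime choice whenever none of MS_NOATIME, MS_RELATIME or MS_STRICTATIME is passed, and handling MS_NODIRATIME separately. The comment "The default atime for remount is preservation" would also read better if it stated the condition (no MS_*ATIME flag given with MS_REMOUNT), and since this changes user-visible remount behaviour and is Cc'd to stable, a matching update to the mount(2) documentation is worth adding to the series.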