Re: [CFT][PATCH 00/10] Making new mounts of proc and sysfs as safe as bind mounts (take 2)

On Wed, Jun 03, 2015 at 04:13:21PM -0500, Eric W. Biederman wrote:
> Andy Lutomirski <luto@xxxxxxxxxxxxxx> writes:
> 
> > One option would be to break the nosuid, nodev, and noexec parts into
> > their own patch and then avoid tagging that patch for -stable if at
> > all possible.  It would be nice to avoid another -stable ABI break if
> > at all possible.
> 
> So I don't think we actually have anything that could be called an ABI
> break in the whole mess, but it is definitely a behavioral change that
> is a regression for lxc and libvirt-lxc that prevents them from starting.
> 
> nodev does not actually matter because of the implicit silliness that
> is being added right now.
> 
> We do want those programs fixed and after those programs are fixed we
> can safely begin failing mount when those attributes are being cleared
> in a fresh mount.
> 
> So it looks to me like the best thing to do is to print a warning
> whenever lxc or libvirt-lxc gets it wrong, which should ensure the
> authors are sufficiently pestered that in a kernel release or 3 we can
> begin enforcing those attributes.  Especially as the discussion on the
> fix for those applications has already begun.

"pestering" never works, look at some of the SCSI drivers for examples
of how a distro will just patch out the "warning this driver is using an
old api and needs to be fixed" messages.

You can't break stuff like this, people will get upset :(

greg k-h
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers



