On Tue, Jun 21, 2016 at 01:54:21PM -0500, Eric W. Biederman wrote: > Andy Lutomirski <luto@xxxxxxxxxxxxxx> writes: > > > On Mon, Jun 20, 2016 at 10:21 AM, Eric W. Biederman > > <ebiederm@xxxxxxxxxxxx> wrote: > >> Replace the call of fs_fully_visible in do_new_mount from before the > >> new superblock is allocated with a call of mount_too_revealing after > >> the superblock is allocated. This winds up being a much better location > >> for maintainability of the code. > >> > >> The first change this enables is the replacement of FS_USERNS_VISIBLE > >> with SB_I_USERNS_VISIBLE. Moving the flag from struct filesystem_type > >> to sb_iflags on the superblock. > > > > Why is this useful? > > A couple of reasons. > - It helps clean up do_new_mount which is currently so overloaded by > special cases that it is difficult to see the core logic. Agreed, i find this easier to read and reason about. > - It makes the check about the actual superblock that is being mounted > rather than the superblock that might be mounted. > > - The practical place where being about the actual superblock that is > being mounted helps is that in "11/13 mnt: Simplify mount_too_revealing" > that removes the MNT_LOCK_NOSUID MNT_LOCK_NOEXEC and MNT_LOCK_NODEV > tests from the code, while verify that those tests are not needed > because the sb_iflags contains SB_I_NOEXEC and SB_I_NODEV. > > - The conceptual change of testing once the superblock has been > generated makes changes like the one above much more sensible > and it helps untangle mount namespace versus superblock concerns. > > That last is a big part of what this patchset is about. When do we care > about the superblock and when do we care about the mount namespace. > > Eric _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
