On Fri, Jan 26, 2007 at 04:23:22PM -0600, Eric Sandeen wrote:
> xfs_freeze is actually -designed- to exit without unfreezing the
> filesystem, FWIW, for better or worse. And I suppose there is all sorts
> of mayhem that could stem from setuid programs of all stripes...
I had a vague memory of that, but I probably supressed the horror. :-)
> But anyway, on a less OT-topic, it has always seemed a little weird to
> me that you can -only- freeze a filesystem on an lvm block device.
> Surely there are occasionally legitimate reasons to freeze a filesystem
> on an arbitrary block device, if the filesystem can support it?
The issue isn't that you can only freeze a filesystem on an LVM block
device; in fact, you can't. You can only take a snapshot on an LVM
block device. I wish you could take snapshots on arbitrary block
devices --- the EVMS1 kernel patches allowed that --- but
unfortunately they were implemented in a way that the kernel community
decided was too ugly to let live, or at least merge into mainline.
> I don't see how direct exposure to freezing routines via LVM ioctls is
> any less dangerous than direct exposure to freezing routines on
> /dev/hda1...
So the issue is that you *don't* have direct expusire to the freezing
routines via LVM ioctl's. All you can do is request a snapshot, and
the LVM ioctl's freeze the filesystems, take the snapshot and then
unfreeze the filesystem.
You're right that the BLKROSET ioctls are probably just as dangerous
as well, and of course root can do all sorts of things like running
mkfs, or dd'ing into /dev/kmem, etc. I think though the issue was
that someone requested a user mode program that was accessible via a
shell script, probably because XFS had that functionality, and the
concern was that few people trusted system administrators to be able
to handle such power responsibly. Freezing the filesystem for hour or
minutes seems like a very bad idea, and that's exactly the sort of
thing that I can imagine a clueless level one system administrator
doing. ("I know! I'll freeze the filesystem while I backup all 30 TB
of it, and then I'll unfreeze it.")
The question really is what are the legimate uses of such a facility
where you wouldn't be better off taking a snapshot and then doing the
backup dump on the snapshot? The real issue is that we can't take
snapshots on plain block devices, but that might be the better problem
to solve....
- Ted
-
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
