On Sun, Oct 24, 2010 at 12:17 AM, Ted Ts'o <tytso@xxxxxxx> wrote:
> On Sat, Oct 23, 2010 at 06:00:05PM +0200, Amir Goldstein wrote:
>>
>> IMHO, and I've said it before, the mount flag which Bernd requests
>> already exists, namely 'errors=', both as mount option and as
>> persistent default, but it is not enforced correctly on mount time.
>> If an administrator decides that the correct behavior when error is
>> detected is abort or remount-ro, what's the sense in letting the
>> filesystem mount read-write without fixing the problem?
>
> Again, consider the case of the root filesystem containing an error.
> When the error is first discovered during the course of the system's
> operation, and it's set to errors=panic, you want to immediately
> reboot the system. But then, when root file system is mounted, it
> would be bad to have the system immediately panic again. Instead,
> what you want to have happen is to allow e2fsck to run, correct the
> file system errors, and then system can go back to normal operation.
>
> So the current behavior was deliberately designed to be the way that
> it is, and the difference is between "what do you do when you come
> across a file system error", which is what the errors= mount option is
> all about, and "this file system has some kind of error associated
> with it". Just because it has an error associated with it does not
> mean that immediately rebooting is the right thing to do, even if the
> file system is set to "errors=panic". In fact, in the case of a root
> file system, it is manifestly the wrong thing to do. If we did what
> you suggested, then the system would be trapped in a reboot loop
> forever.
>

Yes, I do realize that to panic on mount would be stupid :-)
This is why I wrote that there is no sense in mounting the file system
read-write.

Let me rephrase the 3 error behaviors as the designer (you?) intended:

errors=continue  - "always stay out of my way and let me corrupt my
                    file system as much as I want".
errors=read-only - "never let me corrupt my file system more than it
                    already is".
errors=panic     - "never let me corrupt my file system ... and never
                    let me view files which may not be there after I
                    reboot".

If you agree with my interpretations to the errors behavior codes,
then you should agree to enforcing on mount time:

errors=continue  - if ERROR_FS, go ahead and corrupt your file system
errors=read-only - if ERROR_FS, allow only read-only mount
errors=panic     - if ERROR_FS, allow only read-only mount (files you
                   see now are safely stored on disk)

Amir.
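
The mount-time policy proposed in this message, approximated as a userspace pre-mount check. This is an added example, not code from the thread or from ext4; the function name `proposed_mount_mode` and the sample headers are constructed for illustration. It assumes the `Filesystem state` and `Errors behavior` fields as printed by `dumpe2fs -h`, reads only the persistent default, and ignores any `errors=` override given at mount time.

```shell
#!/bin/sh
# Added example: pick a mount mode from `dumpe2fs -h` header text, following
# the policy proposed in the message above. Not kernel behaviour.

# Reads dumpe2fs -h style text on stdin, prints "rw" or "ro".
# Returns 2 when a needed field is missing or unknown (caller should not mount).
proposed_mount_mode() {
    hdr=$(cat)
    state=$(printf '%s\n' "$hdr" | sed -n 's/^Filesystem state:[[:space:]]*//p')
    behavior=$(printf '%s\n' "$hdr" | sed -n 's/^Errors behavior:[[:space:]]*//p')
    [ -n "$state" ] && [ -n "$behavior" ] || return 2

    case "$state" in
        *"with errors"*) ;;        # ERROR_FS is recorded in the superblock
        *) echo rw; return 0 ;;    # no recorded error: the policy does not apply
    esac

    case "$behavior" in
        Continue)                    echo rw ;;  # errors=continue
        "Remount read-only" | Panic) echo ro ;;  # read-only until e2fsck has run
        *)                           return 2 ;;
    esac
}

# Constructed sample headers (trimmed to the two fields the check uses).
SAMPLE_PANIC_ERR='Filesystem state:         clean with errors
Errors behavior:          Panic'
SAMPLE_CONTINUE_ERR='Filesystem state:         not clean with errors
Errors behavior:          Continue'
SAMPLE_RO_CLEAN='Filesystem state:         clean
Errors behavior:          Remount read-only'

# Demo over the constructed samples; on a real system the input would be
#   dumpe2fs -h <device> 2>/dev/null | proposed_mount_mode
for s in "$SAMPLE_PANIC_ERR" "$SAMPLE_CONTINUE_ERR" "$SAMPLE_RO_CLEAN"; do
    printf '%s\n' "$s" | proposed_mount_mode
done
```

With errors=panic and ERROR_FS set, the check yields a read-only mount rather than a panic, so the root file system case raised in the quoted reply does not loop: e2fsck can still run before a read-write remount.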